This dangerous malvertising campaign mimicks popular software to steal victim info

By Scott Marlette Last updated Jan 18, 2023

Cybersecurity researchers from HP Wolf Security have warned of several active campaigns looking to deliver different types of malware (opens in new tab) to unsuspecting victims via typosquatted domains and malvertising.

The team explained in a blog post (opens in new tab) how they found threat actors creating multiple typosquatted websites impersonating popular software such as Audacity, Blender, or GIMP.

The scammers also paid different ad networks to run ads, promoting these fake websites. That way, when people search for these programs, search engines might end up serving malicious versions of the websites right next to legitimate ones. If a user isn’t careful and does not double-check the URL of the website they’re visiting, they might end up in the wrong place.

Fake installers

If victims do end up in the wrong place, they’ll hardly notice the difference. The websites are designed to look almost identical to the authentic ones, down to the tiniest detail. In Audacity’s example, the site hosts a malicious .exe file masquerading as the program’s installer. It is named “audacity-win-x64.exe” and is more than 300MB in size.

By being this big, the attackers try to avoid raising suspicion (malware is usually measured in KB), but also try to avoid antivirus programs. According to the researchers, some antivirus programs’ automatic scanning features don’t scan extremely large files.

The files are hosted on the 4sync.com cloud storage service, the researchers said, adding that all the fake installers in this campaign have been hosted there, hinting that a good defense mechanism might be to block access to this service entirely.

In the campaign, different types of malware are distributed. The largest campaigns the researchers have seen used this delivery approach to deploy the IcedID trojan, but the Vidar infostealer, BatLoader, and Rhadamanthys Stealer, have all been observed. According to HP Wolf Security, there’s been an uptick in these campaigns since November last year.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.