HP Wolf Security researchers have warned of several ongoing campaigns that use typosquatted domains and malicious advertising (malvertising) to deliver various malware families to unwitting victims.
Additionally, the scammers paid various ad networks to run ads promoting these bogus websites. When users search for these programs, search engines can then present the harmful sites alongside the legitimate ones. Users who do not double-check the URL of the site they land on risk being misdirected.
Bogus installers
A total of 92 domains impersonating legitimate software were found, and they may have been used to spread IcedID. Victims who land on the wrong site would be unlikely to notice the difference.
The websites are meticulously crafted to resemble the real ones in practically every way. In the case of Audacity, the site hosts a malicious .exe file posing as the program's installer. The file is named 'audacity-win-x64.exe' and is larger than 300MB. The attackers make the file this large to evade detection by antivirus software: the researchers found that the automatic scanning functions of several antivirus products do not check very large files.
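As an added illustration (not code from HP Wolf Security or this article), the following Python script applies the two observations above to constructed proxy-log lines: it flags hostnames that resemble the imitated brands without being an allowlisted domain, and .exe downloads larger than an assumed scanner size limit. The brand list, allowlist, 200MB threshold and log format are assumptions.

```python
# Added example (not from the HP Wolf Security report): flag proxy-log entries
# for look-alike software domains and for oversized executables that may exceed
# an AV product's automatic-scan limit; all names, limits and logs are constructed.
BRANDS = ["audacity", "anydesk", "bluestacks", "notepad", "logmein", "zoom"]
KNOWN_GOOD = {"audacityteam.org", "anydesk.com", "zoom.us"}  # assumed allowlist
SCAN_LIMIT_BYTES = 200 * 1024 * 1024  # assumed; the report cites a >300MB file

def edit_distance(a, b):
    # Levenshtein distance, used to catch small spelling changes in a label.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_brand(host):
    # Return the imitated brand if the host resembles one and is not allowlisted.
    host = host.lower()
    if any(host == g or host.endswith("." + g) for g in KNOWN_GOOD):
        return None
    label = host.split(".")[-2] if "." in host else host  # registrable label
    for brand in BRANDS:
        if brand in label or (len(brand) >= 6 and edit_distance(label, brand) <= 2):
            return brand
    return None
def analyze(log_lines):
    # Return [(host, [reasons])] for entries worth an analyst's attention.
    findings = []
    for line in log_lines:
        parts = line.split()  # constructed format: timestamp host path bytes
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        host, path, size = parts[1], parts[2], int(parts[3])
        reasons = []
        brand = lookalike_brand(host)
        if brand:
            reasons.append(f"look-alike of {brand}")
        if path.lower().endswith(".exe") and size > SCAN_LIMIT_BYTES:
            reasons.append(f"oversized exe ({size // (1024 * 1024)} MB)")
        if reasons:
            findings.append((host, reasons))
    return findings

SAMPLE = [  # constructed proxy log lines
    "2023-01-10T09:00:01 www.audacityteam.org /download/audacity-win-x64.exe 28000000",
    "2023-01-10T09:02:44 audacity-download.example /audacity-win-x64.exe 330000000",
    "2023-01-10T09:05:10 anydeks.example /AnyDesk.exe 4000000",
]
```

Running `analyze(SAMPLE)` leaves the allowlisted vendor download alone and reports the oversized installer on the look-alike domain and the misspelled AnyDesk host.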
According to Cyble security experts, Rhadamanthys was used to steal data from web browsers, crypto wallets, and messaging apps. It was spread using Google Ads that imitated AnyDesk, Zoom, Bluestacks, and Notepad++.
In a separate case, Microsoft researchers reported DEV-0569 abusing Google Ads to distribute BatLoader, impersonating LogMeIn, Adobe Flash Player, and Microsoft Teams in the process.
Due to their extensive capabilities, info-stealers are now a common type of malware used by attackers. Demand for this malware is so great that it dominates many underground forums.
The sale of these new malware strains, together with the availability of info-stealer source code, will drive increased sales of victim data on the dark net.
Because the most recent campaign relies mainly on bogus websites that look legitimate to distribute malware, users should verify the authenticity of these websites before downloading any installer. Deploying MFA across all accounts is also advised to reduce the risk from info-stealer malware.