Lowe's employees phished via Google ads | Malwarebytes
Criminals are impersonating MyLowesLife, Lowes' HR portal for current and former employees.
Fake Google Authenticator Website Installs Malware
See how adversaries are impersonating Google Authenticator in Google Ads to deliver the DeerStealer information-stealing malware.
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations
Welcome to the Finding Malware Series The “Finding Malware,“ blog series is authored to empower the Google Security Operations community to
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
Google ads push fake Google Authenticator site installing malware
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.
Ongoing Malvertising Campaign leads to Ransomware
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains.
New Backdoor, MadMxShell
Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged GoogleAds to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites. The newly discovered backdoor uses several techniques such as multiple stages of DLL sideloading, abusing the DNS protocol for communicating with the command-and-control (C2) server, and evading memory forensics security solutions. We named this backdoor “MadMxShell” for its use of DNS MX queries for C2 communication and its very short interval between C2 requests.