Since May 2023, security experts have been monitoring a campaign by hackers who use online ads to lure their victims to fake websites. The Bitdefender Labs experts are aware of references to supposed websites of well-known services such as AnyDeks, WinSCP, Cisco AnyConnect, Slack and TreeSize.
In recent years, hackers have increasingly targeted customers and businesses with infected software promoted via advertisements. The recipe is simple: cybercriminal groups set up fake websites for highly interesting software and promote them through advertisements at the top of the results page. It only takes one search and one click for a user to fall victim to the trick.
Along with the advertised software, the malicious ISO file contained a ZIP archive with a Python executable. A DLL loaded by the python.exe process was set to run malicious code in the form of a Meterpreter staging tool, giving the attackers access to the victim's computer.
Promoted links with dangerous downloads
After penetrating the network, the hackers try to steal user data, establish persistent access to important systems and exfiltrate data - with the ultimate goal of blackmail. Bitdefender Labs has recorded an attempt to install BlackCat ransomware. The campaign, which is also observed by other IT security experts, is currently mainly active in the USA and Canada. An online search and a link to the advertisement are sufficient for the infection.
Bitdefender blogs the entire English report with up-to-date examples on its website.
More at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de