Beware of BlackCat Gang's Malicious WinSCP Ads Spreading Ransomware

Threat actors associated with the BlackCat ransomware are using malvertising techniques to distribute rogue installers of the WinSCP file transfer application. The attackers hijack keywords and display bogus ads on search results pages, redirecting unsuspecting users searching for WinSCP to sketchy pages where they unknowingly download malware. The malware contains a Cobalt Strike Beacon that connects to a remote server for follow-on operations, and also uses legitimate tools like AdFind for network discovery. The attackers gain top-level administrator privileges, conduct post-exploitation activities, and attempt to set up persistence using remote monitoring and management tools. This incident highlights the ongoing threat of ransomware and the need for robust cybersecurity measures.
- BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (The Hacker News)
- Don't be fooled by fake ads for this file transfer service - they could lead to malware (TechRadar)
- BlackCat gang used Google and Bing search ads to push malware-laced dev tool (SC Media)
- BlackCat ransomware pushes Cobalt Strike via WinSCP search ads (BleepingComputer)