Rampant Malvertising: Urgent Action Needed to Combat PikaBot and DANABOT

A malvertising campaign is distributing the PikaBot malware disguised as popular software such as AnyDesk. PikaBot, previously distributed via malspam campaigns, is a loader and backdoor that gives threat actors unauthorized remote access to compromised systems. The malware is being leveraged by the cybercrime threat actor TA577, which has previously delivered QakBot, IcedID, and Cobalt Strike. The initial infection vector is a malicious Google ad for AnyDesk that redirects victims to a fake website hosting a malicious MSI installer. The attacks bypass Google's security checks and employ fingerprinting techniques to ensure the victim is not in a virtualized environment. This malvertising campaign is reminiscent of previous chains used to distribute FakeBat malware. Additionally, there has been a rise in malicious ads targeting searches for popular software, including the use of a Chrome extension framework called ParaSiteSnatcher to intercept and exfiltrate sensitive information.
- New Malvertising Campaign Distributing PikaBot Disguised as Popular Software (The Hacker News)
- Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors (Mandiant)
- Hackers Abusing Search Engine Ads to Deliver DANABOT & DARKGATE Malwares (CybersecurityNews)
- PikaBot Targets Enterprises Via Malicious Search Ads (BankInfoSecurity.com)
- Malvertising has been out of control in 2023, and Google needs to do more to stop it (ITPro)