
Beware: Google Ads Promote Malicious CPU-Z App on Fake Windows News Site
A threat actor has been using Google Ads to distribute a trojanized version of the CPU-Z tool, which delivers the Redline info-stealing malware. The malicious advertisement is hosted on a cloned copy of the legitimate Windows news site WindowsReport. Clicking on the ad redirects users to a fake Windows news site, where they are prompted to download a digitally signed CPU-Z installer containing a malicious PowerShell script. The script downloads the Redline Stealer payload, which can collect sensitive data from web browsers and cryptocurrency wallets. Users are advised to be cautious when clicking on promoted results in Google Search and to verify the legitimacy of the loaded site and domain.