
Beware of BlackCat Gang's Malicious WinSCP Ads Spreading Ransomware
Threat actors associated with the BlackCat ransomware are using malvertising techniques to distribute rogue installers of the WinSCP file transfer application. By hijacking keywords and displaying bogus ads on search results pages, the attackers redirect unsuspecting users searching for WinSCP to sketchy pages where they unknowingly download malware. The malware contains a Cobalt Strike Beacon that connects to a remote server for follow-on operations, and also uses legitimate tools like AdFind for network discovery. The attackers gain top-level administrator privileges, conduct post-exploitation activities, and attempt to set up persistence using remote monitoring and management tools. This incident highlights the ongoing threat of ransomware and the need for robust cybersecurity measures.