Getty Images/Carsten Koall
KEY POINTS
A report revealed that hackers exploit Google Ads to trick their victimsHackers are spoofing popular apps like Telegram and Google Chrome to lure their victimsMost malware victims are located in Asia
Slovak cybersecurity researchers have discovered that Google Ads is being used by hackers to install remote access malware, such as FatalRat, to gain complete control of targeted devices.
ESET, a cybersecurity firm based in Slovakia, published a technical report this week about the new malware campaign that targets Chinese-speaking users in East and Southeast Asia, HackRead reported.
According to the researchers, hackers inject remote access Trojans into malicious Google ads that encourage users to download them to their devices.
Hackers purchase ad slots to appear in Google search results and redirect users looking for popular apps to malicious websites hosting trojan installers.
“The attackers purchased advertisements to position their malicious websites in the ‘sponsored’ section of Google search results. We reported these ads to Google, and they were promptly removed,” ESET researchers said.
“The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible,” the researchers added.
Cybercriminals used the FatalRat malware as it contains numerous commands to manipulate data from various browsers.
Some of the spoofed applications include Line, Signal, Skype, Youdao, Electrum, Telegram, WhatsApp, WPS Office, Mozilla Firefox, Google Chrome and Sogou Pinyin Method.
After the malware is deployed to victims’ devices, the hackers gain full control of the devices and can steal data from users’ web browsers, run malicious files and capture keystrokes.
The attackers would sell the stolen user data, such as web credentials, to underground hacker forums or use them for other cybercrime campaigns.
According to the report, most victims were located in China, Taiwan, Japan, Malaysia, Thailand, the Philippines, Indonesia, Myanmar and Hong Kong.
“The websites and installers downloaded from them are mostly in Chinese and in some cases falsely offer Chinese language versions of software that is not available in China,” researchers wrote.
Researchers unearthed the FatalRat malware campaign between August 2022 and January 2023, but Google Ads and Google AdSense have been long exploited by hackers to deliver malware across the globe.
In December 2022, the Federal Bureau of Investigation (FBI) warned the public about regarding the same tactic.
“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms. These malicious sites appear to be real exchange platforms and prompt users to enter login credentials and financial information, giving criminal actors access to steal funds,” the FBI said.
The FBI advised the public to check the URL first to ensure the website is authentic, use the business’ official website URL instead of searching it and install an ad block extension to their web browsers to block malicious ads.
The FBI has also urged businesses to educate their consumers about their official websites and use domain protection services to avoid being spoofed by hackers.
It also asked victims to report fraudulent activities to their Internet Crime Complaint Center at www.ic3.gov.
Representation of a cyber attack crime.
Getty Images/Bill Hinton/Contributor
2023-02-18 03:00:03
Post from www.ibtimes.com
Malware has become an increasingly serious problem for everyday internet users, with cybercriminal groups regularly developing malicious software for a variety of nefarious purposes, including stealing user data and taking control of devices. Recently, a new strain of malware known as ‘FatalRat Trojans’ has been installed through Google Ads to take control of users’ devices.
FatalRat is a Remote Access Trojan, or RAT, which allows malicious actors to gain full control of infected computers. It is often used to carry out activities such as data theft, credential harvesting, espionage and even ransomware distribution.
According to cybersecurity experts, this particular cyber-attack occurs when unsuspecting victims click on malicious Google ads that redirect them to a landing page that contains a “downloader”, a tool used to download the FatalRat Trojans onto the victim’s device. Once the trojan has been installed, the attacker is then able to take control of the user’s device remotely and can access private data, steal banking details and launch further hacking attacks from the victim’s computer.
Fortunately, the risks of infection from FatalRat Trojans can be greatly reduced by taking a few simple steps. The first is to always keep your operating system, applications and antivirus software up to date. Secondly, never click on a suspicious link or download software from an unknown source. Finally, it’s also a good idea to use a web-based browser extension like uBlock Origin or Ghostery that can help detect malicious ads and websites and block them from loading.
It’s important to remember that malware is an ever-changing threat and the best way to stay safe online is to remain vigilant and keep your devices secure. Now more than ever, it’s essential to practice good cyber security hygiene and take precautionary steps to protect yourself and your data.