Warning: This fake KeePass download only spreads malware.

Hackers are getting creative with malicious Google Ads campaigns: in a new scam spotted by cybersecurity researchers at Malwarebytes, even the more eagle-eyed visitors may fall victim and end up installing malware.

Hackers have been caught distributing malware by impersonating the KeePass password manager. First, they created a web page that looks almost identical to KeePass’s authentic site and offered a downloadable program that looks like the real thing.

However, in this case, the program also comes with a PowerShell script related to the FakeBat malware loader, effectively compromising the endpoint.

But that’s only part of the job. The other part is attracting people to the site. To do this, scammers create malicious Google ads. They typically compromise an active Google Ads account (or buy one on the black market) and use it to set up a new campaign. When setting up this campaign, they use Punycode to disguise the URL of the malicious page and make it appear authentic.

Punycode is a standard encoding designed for internationalized domain names. In other words, it represents non-ASCII words using only ASCII characters, so that names written in non-Latin scripts (Cyrillic or Chinese, for example) can be entered into the Domain Name System (DNS).

With Punycode, the real URL, “xn--eepass-vbb.info”, would be displayed as “ķeepass.info”. You may not have noticed, but there’s a little dot below the letter k. And that’s how threat actors trick people into visiting a fake site, thinking it’s genuine.
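A defender can apply the same decoding to hostnames taken from ad landing URLs or proxy logs. The following Python sketch is an added example, not code from Malwarebytes or the original article; the `PROTECTED` set and the function names are assumptions chosen for illustration.

```python
import unicodedata

# Assumption: brand domains to protect, chosen for this example.
PROTECTED = {"keepass.info"}

def to_unicode(host):
    """Decode every xn-- label to the Unicode form a browser may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw xn-- form
        labels.append(label)
    return ".".join(labels)

def fold(host):
    """Strip accents and other combining marks (NFKD), e.g. k-with-cedilla -> k."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def check_host(host):
    """Flag hosts that are not a protected domain but fold to one."""
    displayed = to_unicode(host)
    folded = fold(displayed)
    return {
        "host": host,
        "displayed": displayed,
        "folded": folded,
        "lookalike": displayed != folded and folded in PROTECTED,
    }

if __name__ == "__main__":
    # The first host is the one named in the article; the others are
    # constructed controls.
    for h in ("xn--eepass-vbb.info", "keepass.info", "example.com"):
        print(check_host(h))
```

Folding only catches lookalikes built from accented Latin letters like the one in this campaign; homoglyphs from other scripts (a Cyrillic letter that resembles a Latin one) need a confusables table instead.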

Malwarebytes notified Google of the hack, and the search engine giant removed the malicious campaign. However, other similar campaigns are still active, and there are probably many more that cybersecurity researchers are unaware of. Users need to stay vigilant: be careful when accessing sites through the search engine, and check the address in the URL bar.

Sead is a veteran freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, legislation, and regulations). Over the course of his career, which spans more than a decade, he has written for media outlets, including Al Jazeera Balkans. He has also facilitated several modules on content writing for Represent Communications.

TechRadar is from Future US Inc., a leading foreign media organization and virtual publisher.