BLUF
Cybercriminals use online advertising to direct people to fake versions of popular software to trick users into downloading their malware.
Summary
This article makes the following points:
- Researchers believe victims are downloading fake installers of popular software onto their systems via malvertising (malicious online adverts).
- Users are likely to be looking for legitimate versions of software, such as Viber, WeChat or video games like Battlefield, but get directed to the malicious versions by malvertising.
- In this scam, there are three forms of malware:
  - A password stealer known as Redline steals all usernames and passwords.
  - A backdoor called MagnatBackdoor allows attackers to gain remote access to the PC.
  - A malicious browser extension named MagnatExtension enables keylogging and taking screenshots of what the infected user is viewing.
- These attacks have been named 'magnat-attacks' by cybersecurity researchers at Cisco Talos.
- The cybercriminals behind these attacks have spent years developing and updating the malware, and that's likely to continue.