Malvertising: Cyber Criminals Use Fake Advertisements To Spread Malware
NEW DELHI: Hackers are continually looking for new ways to attack online users and steal their personal and other important information. Previously, phishing attacks were used to deceive consumers into revealing sensitive information by imitating a legitimate source and asking for the user’s data. According to Cisco’s Talos threat intelligence, a new malicious campaign is gaining traction as an effective technique for gathering information from unwary consumers.
Malvertising is a term used by Cisco’s Talos Intelligence to describe how the “Magnat” campaign employs fraudulent web advertising to deceive people looking for legitimate software installations. The Magnat campaign, which began in late 2018, targets users in Canada, the United States, Australia, and several other European nations, according to the Cisco threat intelligence team.
HOW MALVERTISING WORKS
When a user is directed to the fraudulent download, they launch a fake installer that installs three forms of malware on their system. While the fake installer begins to install the various malware components, it never installs the original application that the user was looking for.
The first type of malware is a password stealer, which harvests user credentials using a widely available tool known as Redline. MagnatBackdoor, another piece of malware, uses Microsoft Remote Desktop to gain remote access to the user’s device. When paired with the user credentials stolen by Redline (or a similar tool), this access can enable uncontrolled access to the user’s systems, even if they are secured and firewalled. MagnatExtension, a Chrome browser extension used for keylogging and capturing screenshots of sensitive information, is the third component of the malware trifecta.
A tweet from August 2021 included screenshots and download samples of a suspected malvertising effort. Talos examined the samples mentioned in the tweet and determined that at least one of them contained the MagnatBackdoor, MagnatExtension, and Redline malware components.
Talos believes the Magnat tools have been improved over time and show no indications of slowing down any time soon. The installer package’s name is continually changing and generally references the names of popular apps in order to lend credibility and deceive consumers into installing the package. Previous package names include Viber-25164.exe, Wechat-35355.exe, build 9.716-6032.exe, setup 164335.exe, nox setup 55606.exe, and battlefieldsetup 76522.exe.
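The naming pattern described above (a popular app name or a generic word such as "setup", followed by a few digits and ".exe") is something a defender can turn into a triage heuristic for download or endpoint logs. The following script is an added example written for this article; it is not code from Cisco Talos or from the campaign. The download events, the list of impersonated app names and the "reached via an ad click" field are all constructed assumptions for illustration; only the six installer names come from the article.

```python
import re
from dataclasses import dataclass

# Installer file names the article attributes to the Magnat campaign.
REPORTED_MAGNAT_INSTALLERS = [
    "Viber-25164.exe", "Wechat-35355.exe", "build 9.716-6032.exe",
    "setup 164335.exe", "nox setup 55606.exe", "battlefieldsetup 76522.exe",
]

# Popular application names the lures borrow. Assumed list for illustration;
# a real deployment would draw this from its own approved-software inventory.
LURE_APP_TOKENS = ("viber", "wechat", "nox", "battlefield", "telegram", "zoom", "discord")

# Generic installer words present in the reported names.
GENERIC_INSTALLER_TOKENS = ("setup", "build", "install")

# <app-like stem><optional space, underscore or hyphen><4-6 digits>.exe
NUMERIC_SUFFIX_RE = re.compile(r"^(?P<stem>.+?)[ _-]?(?P<num>\d{4,6})\.exe$", re.IGNORECASE)


@dataclass
class DownloadEvent:
    """One constructed download record, e.g. from a proxy or EDR feed."""
    filename: str
    via_ad_click: bool  # assumption: the download page was reached from an advertisement


def triage(event: DownloadEvent) -> list[str]:
    """Return the list of reasons a download looks like a malvertising lure."""
    reasons: list[str] = []
    match = NUMERIC_SUFFIX_RE.match(event.filename)
    if not match:
        return reasons  # the numeric-suffix name is the precondition for every other check
    stem = match.group("stem").lower()
    reasons.append(f"numeric-suffix installer name ({match.group('num')})")
    for app in LURE_APP_TOKENS:
        if stem.startswith(app):
            reasons.append(f"impersonates '{app}'")
            break
    if any(token in stem for token in GENERIC_INSTALLER_TOKENS):
        reasons.append("generic installer wording without vendor branding")
    if event.via_ad_click:
        reasons.append("download reached via an advertisement")
    return reasons


def is_suspicious(event: DownloadEvent) -> bool:
    """The name pattern alone is weak; require at least one corroborating signal."""
    return len(triage(event)) >= 2


def scan(events: list[DownloadEvent]) -> list[tuple[str, list[str]]]:
    """Filter a batch of events down to the suspicious ones with their reasons."""
    return [(e.filename, triage(e)) for e in events if is_suspicious(e)]


# Constructed sample batch: the six reported lures plus three ordinary vendor installers.
SAMPLE_EVENTS = [DownloadEvent(name, via_ad_click=True) for name in REPORTED_MAGNAT_INSTALLERS] + [
    DownloadEvent("VSCodeUserSetup-x64-1.63.2.exe", via_ad_click=False),
    DownloadEvent("ChromeSetup.exe", via_ad_click=False),
    DownloadEvent("python-3.10.1-amd64.exe", via_ad_click=False),
]

if __name__ == "__main__":
    for filename, reasons in scan(SAMPLE_EVENTS):
        print(f"{filename}: " + "; ".join(reasons))
```

Version-style suffixes such as "1.63.2" or "amd64" do not satisfy the four-to-six-digit run the regex demands, so ordinary vendor installers pass through untouched, while each of the six reported names is flagged even without the ad-click signal because the stem either impersonates an app or is nothing but generic installer wording.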