Also posted at: https://twitter.com/malware_traffic/status/1621728889486671873
2023-02-03 (Friday) - DEV-0569 activity: Google ad fake CPUID page --> "FakeBat" Loader --> Redline Stealer & Gozi/ISFB/Ursnif
IOCs, pcap of the infection, and associated malware/artifacts available at: https://malware-traffic-analysis.net/2023/02/03/index.html
Tags: #DEV0569 #FakeBat #Gozi #ISFB #Malware #pcap #Redline #RedlineStealer #Ursnif
Hopefully, recent blogs about all these malicious Google ads will force Google to change something. But I have a feeling Google will keep on being Google.
Delivery of #BATLOADER #malware via #GoogleAds by #DEV0569 in malvertising campaign. This threat actor has used BATLOADER -> #CobaltStrike Beacon -> Royal #ransomware.
Footnote: adblocking solutions (e.g. #ublockorigin, #adblock, #pihole @Raspberry_Pi) can prevent similar attacks
#DEV0569 finds new ways to deliver #Royal #ransomware, various payloads https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/