Xermin Dori · @xermindor
29 followers · 387 posts · Server mstdn.social

@rfwaveio

Google: Spreads malware via ads the thousandth time.

Also Google: problem with adblockers, yada yada yada

arstechnica.com/gadgets/2023/0

#malvertising #Google

Last updated 1 year ago

con2stay · @content2stay
1 followers · 26 posts · Server norden.social

New ransomware for Windows: Trend Micro security researchers have analyzed a recently emerged ransomware strain named "Big Head", which may be spreading via malvertising that promotes fake Windows updates and Microsoft Word installers:
trendmicro.com/en_us/research/

#ransomware #malvertising #windows #trendmicro #dass #datenschutz #datensicherheit

Last updated 1 year ago

Valerie Sonh :verified_twtr: · @ValerieSonh
299 followers · 696 posts · Server masto.ai

tells its people: block those ads theregister.com/2023/04/25/sin "Singapore isn’t the first and only government to advocate ad blockers. Similar advice was issued in a public service announcement from the FBI at the end of last year, surely to the dismay of internet publishers." I never heard about that until now, though I've used content blockers since 2003.

#singapore #ad #ads #malvertising

Last updated 2 years ago

mithrandir · @mithrandir
67 followers · 145 posts · Server defcon.social

Google ad leading to likely a tech support posing as support.

ransomwarebyte[.]com

#scam #malwarebytes #malvertising

Last updated 2 years ago

mithrandir · @mithrandir
63 followers · 143 posts · Server defcon.social

Seeing more similar samples today, all coming from malicious ads. Some keywords have been "pdf-tools" and "Advanced IP Scanner".

Payloads are MSIX files containing a PowerShell script which downloads the stealer.

IOCs:
adv-sect[.]site
advert-job[.]ru
pdf-editor[.]store
advanced-ip-scanner[.]world/

Ad Domains:
tucsontreeservicecompany[.]com
branchmanconstruction[.]com

#google #redline #iocs #malware #malvertising

Last updated 2 years ago

mithrandir · @mithrandir
62 followers · 142 posts · Server defcon.social

An interesting malvertisement this morning. Instead of immediately presenting a cloned downloaded page, it has the user "sign up" for a plan, and then "win" a trial version of the software.

Event chain:
Search for "Restream" -->

Malicious Ad -->

https://carthart[.]info/download-643d320a5804c.php -->

https://www.dropbox[.]com hosting the payload.

virustotal.com/gui/file/34a4cb

#google #malvertising #ioc #malware

Last updated 2 years ago

mithrandir · @mithrandir
60 followers · 141 posts · Server defcon.social

Noticing a little more Google malvertising over the last few days. A search for PDF tools leads to the following:

Ad --> roi-calc[.]com -->
pdf-editor[.]store/ -->
advert-job[.]ru/pdf.php?site=pdf-editor -->
adv-pardorudy[.]site/dwnld/PdfExtra-x86.msi

The MSI contained a double base64 encoded PowerShell script, which downloads two more malicious files, one of which is stealer.

#google #redline #malvertising #ioc

Last updated 2 years ago
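
For analysts triaging a script like the one described in the post above, here is an added example (not from the post or its author) that peels nested base64 layers and lists the download URLs in defanged form. It assumes each layer is a bare base64 blob in UTF-16LE or UTF-8; the sample script, the `example.invalid` URLs and all function names are constructed for illustration.

```python
import base64
import binascii
import re

B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)

# Constructed stand-in for an extracted script; not real sample content.
SAMPLE_SCRIPT = (
    'Invoke-WebRequest -Uri "https://files.example.invalid/a.bin" -OutFile a.bin\n'
    'Invoke-WebRequest -Uri "https://files.example.invalid/b.bin" -OutFile b.bin\n'
)

def constructed_sample():
    """Inner layer: base64 of UTF-8 text. Outer layer: base64 of UTF-16LE (assumption)."""
    inner = base64.b64encode(SAMPLE_SCRIPT.encode("utf-8")).decode("ascii")
    return base64.b64encode(inner.encode("utf-16-le")).decode("ascii")

def _to_text(raw):
    """Decode one layer to text, or return None if it is not readable text."""
    enc = "utf-16-le" if raw[1::2].count(0) * 4 > len(raw) else "utf-8"
    try:
        text = raw.decode(enc)
    except UnicodeDecodeError:
        return None
    return text if all(c.isprintable() or c in "\r\n\t" for c in text) else None

def peel_layers(blob, max_layers=5):
    """Return the text of each successfully decoded layer, outermost first."""
    layers, current = [], blob
    for _ in range(max_layers):
        compact = "".join(current.split())
        if len(compact) < 16 or len(compact) % 4 or not B64_RE.fullmatch(compact):
            break  # current layer is not base64: stop peeling
        try:
            raw = base64.b64decode(compact, validate=True)
        except (binascii.Error, ValueError):
            break
        text = _to_text(raw)
        if text is None:
            break
        layers.append(text)
        current = text
    return layers

def defang(url):
    scheme, rest = url.split("://", 1)
    return "hxxp" + scheme[4:].lower() + "://" + rest.replace(".", "[.]")

def triage(blob):
    """Summarize a blob: number of base64 layers and defanged URLs in the final text."""
    layers = peel_layers(blob)
    final = layers[-1] if layers else blob
    return {"layers": len(layers), "urls": [defang(u) for u in URL_RE.findall(final)]}
```

A layer count above one on a script pulled from an installer is itself a useful triage signal, independent of what the final layer contains.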

mithrandir · @mithrandir
59 followers · 135 posts · Server defcon.social

Google may have cracked down on ads leading to info-stealer malware, but scams and other shady activity are still easy to find.

For example, if someone were wanting to enter a code for Amazon Prime and were searching for Amazon MyTv, they could easily click on one of these ads.

The phone numbers lead to a "tech support" desk, where someone tries to coerce the user into installing a remote access tool.

#google #malvertising #scam #rmm

Last updated 2 years ago

abuse.ch · @abuse_ch
543 followers · 34 posts · Server ioc.exchange

Today, Google published their Ads Safety Report for 2022 in which they publicly admitted that "[...] at the end of 2022 and into the new year, we faced a targeted campaign of scammers creating thousands of accounts to spread malware by impersonating popular software brands" 🔥🔍

The good news is that Google "[...] quickly identified how scammers were spreading their malware and put additional restrictions to block their ability to harm consumers."

Full report is available here:
👉 blog.google/products/ads-comme

#malvertising

Last updated 2 years ago

Joe Shenouda · @shenouda
119 followers · 120 posts · Server cybersecurity.masto.host

🚨 alert! Cybercriminals are back with a bang, targeting your favorite software & crypto wallets! 😱 Stay ahead of these digital con artists with robust security solutions and DNS filtering. 🔒💻🔥 cybersec.banyansecurity.io/s/m

#malvertising #cybersecurity #staysafeonline

Last updated 2 years ago