Security researchers have discovered another malicious advertising campaign within Google Ads in which hackers impersonated multiple legitimate software companies.
While this campaign is by no means the first of its kind, it is said to be unique in distributing a sophisticated Windows backdoor.
The campaign was first spotted by researchers at Zscaler ThreatLabz, who noted that the still-unidentified attackers registered at least 45 domains between November 2023 and March 2024. All of them were typosquatted versions of port-scanning and IT-management software brands such as Advanced IP Scanner, Angry IP Scanner, IP Scanner PRTG, and ManageEngine.
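The typosquatting pattern described above is something defenders can hunt for in their own proxy and DNS logs. The following is an added example, not Zscaler's code: a heuristic look-alike domain classifier that compares the registrable label of each observed domain against a list of brand tokens using edit distance and substring matching. The brand list, the allowlist and every domain it is run on are constructed for illustration; none of them is the campaign's actual infrastructure.

```python
"""Heuristic look-alike (typosquat) domain classifier.

Added example, not Zscaler's code. The brand tokens, the allowlist and
every domain tested below are constructed for illustration; none are the
campaign's real infrastructure.
"""

# Brand tokens to protect and the registrable domains that legitimately
# carry them (both are assumptions for this example).
BRANDS = ["advanced-ip-scanner", "angryip", "manageengine", "paessler"]
LEGIT = {"advanced-ip-scanner.com", "angryip.org", "manageengine.com", "paessler.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(fqdn: str) -> str:
    """Return the last two labels, e.g. 'advanced-ip-scaner.com'.
    Assumes a single-label public suffix; a real deployment should use
    the Public Suffix List so 'co.uk'-style suffixes are handled."""
    labels = fqdn.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify(fqdn: str, max_distance: int = 2):
    """Return (verdict, matched_brand). Verdicts:
    legitimate  - registrable domain is on the allowlist
    lookalike   - brand spelled exactly, but on a domain that is not allowlisted
    typosquat   - within max_distance edits of a brand (hyphens ignored)
    combosquat  - brand embedded in a longer label (e.g. brand-download)
    unrelated   - no brand match"""
    reg = registrable_domain(fqdn)
    if reg in LEGIT:
        return ("legitimate", None)
    label = reg.split(".")[0].replace("-", "")
    for brand in BRANDS:
        token = brand.replace("-", "")
        if label == token:
            return ("lookalike", brand)
        if levenshtein(label, token) <= max_distance:
            return ("typosquat", brand)
        if token in label:
            return ("combosquat", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    for d in ["www.advanced-ip-scanner.com", "advanced-ip-scaner.com",
              "advancedipscanner.net", "angryipscanner-download.com", "example.com"]:
        print(d, classify(d))
```

The fixed edit-distance threshold is deliberately crude: against a short token such as `angryip`, two edits cover a lot of unrelated words, so in practice scale `max_distance` with token length and review hits rather than blocking on them automatically.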
The attackers then created ad campaigns promoting these sites through Google Ads. Typically this is done by taking over a legitimate advertiser's Google Ads account, ideally one with a track record of "clean" advertising, so that the malicious ads inherit its reputation.
As a result, when a user searches Google for this kind of software, the malicious ads appear at the top of the results page and in other slots reserved for advertising. Opening the site and downloading the program offered there ends in an infection with the MadMxShell backdoor.
According to the reports, MadMxShell is an entirely new malware family. Its infection chain is relatively long and involves multiple DLL and EXE files.
“The backdoor uses techniques such as multiple stages of DLL sideloading and DNS tunneling for command and control (C2) communication as a means to evade endpoint and network security solutions, respectively,” the researchers explained.
“Additionally, the backdoor uses evasion techniques such as anti-dumping to prevent memory analysis and thwart forensic security solutions.”
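DNS tunneling for C2, as the researchers describe, leaves a statistical footprint in resolver logs even when the payload itself is opaque: many distinct, long, high-entropy names under one registrable domain, often using record types that ordinary clients rarely query. The following is an added example, not Zscaler's code and not a signature for MadMxShell, of heuristic tunneling detection run over constructed log lines. The log format (`<timestamp> <client-ip> <qtype> <qname>`), the thresholds and the sample names are all assumptions; the tunnel domain is a reserved `.invalid` name, not real infrastructure.

```python
"""Heuristic DNS-tunneling detector run over constructed resolver log lines.

Added example, not Zscaler's code and not a MadMxShell signature. The log
format, the thresholds and the sample names are assumptions; tune the
thresholds against a baseline of your own resolver traffic.
"""
import math
from collections import defaultdict

# Constructed sample log (not real traffic). Assumed format:
# "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-03-12T10:15:01Z 10.0.0.5 A www.example.com
2024-03-12T10:15:02Z 10.0.0.5 A cdn.example.com
2024-03-12T10:15:03Z 10.0.0.5 MX example.com
2024-03-12T10:15:04Z 10.0.0.5 A mail.example.com
2024-03-12T10:15:05Z 10.0.0.7 MX 6a3f9c1e2b7d4e8f0a1b2c3d4e5f6a7b.t.tunnel-test.invalid
2024-03-12T10:15:06Z 10.0.0.7 MX 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c.t.tunnel-test.invalid
2024-03-12T10:15:07Z 10.0.0.7 MX 1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f.t.tunnel-test.invalid
2024-03-12T10:15:08Z 10.0.0.7 MX e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0.t.tunnel-test.invalid
2024-03-12T10:15:09Z 10.0.0.7 MX 0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e.t.tunnel-test.invalid
2024-03-12T10:15:10Z 10.0.0.7 MX d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a9.t.tunnel-test.invalid
"""

# Record types a normal workstation seldom queries in volume (assumption).
UNCOMMON_QTYPES = {"MX", "TXT", "NULL"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname: str) -> str:
    """Last two labels of the name. Assumes a single-label public suffix;
    use the Public Suffix List in production."""
    labels = qname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (qtype, qname) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, _client, qtype, qname = parts
        yield qtype.upper(), qname.lower().rstrip(".")


def summarize(records):
    """Per registrable domain: query count, distinct names, mean length and
    mean entropy of the leftmost label, and share of uncommon record types."""
    buckets = defaultdict(lambda: {"queries": 0, "names": set(),
                                   "len_sum": 0, "ent_sum": 0.0, "uncommon": 0})
    for qtype, qname in records:
        label = qname.split(".")[0]
        b = buckets[registrable_domain(qname)]
        b["queries"] += 1
        b["names"].add(qname)
        b["len_sum"] += len(label)
        b["ent_sum"] += shannon_entropy(label)
        b["uncommon"] += qtype in UNCOMMON_QTYPES
    stats = {}
    for dom, b in buckets.items():
        n = b["queries"]
        stats[dom] = {"queries": n,
                      "unique_names": len(b["names"]),
                      "avg_label_len": b["len_sum"] / n,
                      "avg_entropy": b["ent_sum"] / n,
                      "uncommon_qtype_ratio": b["uncommon"] / n}
    return stats


def flag_tunnels(stats, min_unique=5, min_label_len=20, min_entropy=3.0):
    """Return [(domain, stats)] for domains exceeding all three thresholds,
    most distinct names first. Thresholds are illustrative assumptions."""
    hits = [(dom, s) for dom, s in stats.items()
            if s["unique_names"] >= min_unique
            and s["avg_label_len"] >= min_label_len
            and s["avg_entropy"] >= min_entropy]
    return sorted(hits, key=lambda h: (-h[1]["unique_names"], h[0]))


if __name__ == "__main__":
    for dom, s in flag_tunnels(summarize(parse_log(SAMPLE_LOG))):
        print(f"{dom}: {s['unique_names']} distinct names, "
              f"avg label {s['avg_label_len']:.0f} chars, "
              f"entropy {s['avg_entropy']:.2f} bits/char, "
              f"uncommon qtype ratio {s['uncommon_qtype_ratio']:.2f}")
```

The three gating thresholds catch the sample tunnel while leaving the ordinary `example.com` lookups alone; the uncommon-record-type ratio is reported rather than gated on because some legitimate services (mail, anti-spam, CDN health checks) also issue MX and TXT queries in bursts, so it works better as a triage signal than as a hard rule.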
Researchers do not yet know who is behind the attack or what their motivation is. A backdoor of this kind has numerous uses, from data theft and espionage to unauthorized access, establishing persistence, and full remote control.