Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

Threat actor impersonates Google via fake ad for Authenticator

July 31, 2024, 10:59 a.m.

Description

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon execution, the malware would exfiltrate personal data from the victim's device to an attacker-controlled server. This attack highlights the ongoing abuse of online advertising platforms for distributing malware and demonstrates the need for users to exercise caution when downloading software, even from seemingly trustworthy sources.

Date

Published: July 31, 2024, 10:38 a.m.

Created: July 31, 2024, 10:38 a.m.

Modified: July 31, 2024, 10:59 a.m.

Indicators

5d1e3b113e15fc5fd4a08f41e553b8fd0eaace74b6dc034e0f6237c5e10aa737

vcczen.eu

vaniloin.fun

tmdr7.mom

chromeweb-authenticators.com

Attack Patterns

DeerStealer

TA0001

T1588

T1567

T1598

T1083

T1071

T1204

T1112

T1059