Threat actor impersonates Google via fake ad for Authenticator

July 31, 2024, 10:59 a.m.

Description

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon execution, the malware would exfiltrate personal data from the victim's device to an attacker-controlled server. This attack highlights the ongoing abuse of online advertising platforms for distributing malware and demonstrates the need for users to exercise caution when downloading software, even from seemingly trustworthy sources.

External References

https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
https://otx.alienvault.com/pulse/66aa144126ffd80acba01825
Tags
phishing
stealer
2024-07-31
deerstealer
authentication
advertising

Date

  • Created: July 31, 2024, 10:38 a.m.
  • Published: July 31, 2024, 10:38 a.m.
  • Modified: July 31, 2024, 10:59 a.m.

Indicators

  • 5d1e3b113e15fc5fd4a08f41e553b8fd0eaace74b6dc034e0f6237c5e10aa737
  • vcczen.eu
  • vaniloin.fun
  • tmdr7.mom
  • chromeweb-authenticators.com
Download all indicators here!

Attack Patterns

  • DeerStealer
  • TA0001
  • T1588
  • T1567
  • T1598
  • T1083
  • T1071
  • T1204
  • T1112
  • T1059