Threat actor impersonates Google via fake ad for Authenticator
July 31, 2024, 10:59 a.m.
Description
An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon execution, the malware would exfiltrate personal data from the victim's device to an attacker-controlled server. This attack highlights the ongoing abuse of online advertising platforms for distributing malware and demonstrates the need for users to exercise caution when downloading software, even from seemingly trustworthy sources.
Date
Published: July 31, 2024, 10:38 a.m.
Created: July 31, 2024, 10:38 a.m.
Modified: July 31, 2024, 10:59 a.m.
Indicators
5d1e3b113e15fc5fd4a08f41e553b8fd0eaace74b6dc034e0f6237c5e10aa737
vcczen.eu
vaniloin.fun
tmdr7.mom
chromeweb-authenticators.com
Attack Patterns
DeerStealer
TA0001
T1588
T1567
T1598
T1083
T1071
T1204
T1112
T1059