Tag: google ads

5 Attack Reports | 0 Vulnerabilities

Attack reports

Gootloader Returns: Malware Hidden in Google Ads for Legal Documents

The Gootloader malware campaign has evolved its tactics, now using Google Ads to target victims seeking legal templates. The threat actor advertises legal documents, primarily agreements, through compromised ad accounts. Users searching for templates are directed to a malicious website where they a…
social engineering
powershell
javascript
google ads
gootloader
scheduled tasks
2025-04-03
email phishing
wordpress blogs
legal templates
Published: April 3, 2025
Downloadable IOCs: 0

Thunderstruck! Malicious ads for RVTools lead to ThunderShell payload

A security incident involving malicious sponsored ads distributing backdoored administrative tools was detected. Users searching for RVTools were served a tampered version containing ThunderShell, a PowerShell-based remote access tool. The malicious ads, appearing in Google search results, led to a…
malvertising
powershell
icedid
google ads
c2
remote access tool
2025-04-03
thundershell
rvtools
trojanized software
Published: April 3, 2025
Downloadable IOCs: 0

Microsoft advertisers phished via malicious Google ads

Malicious actors are targeting Microsoft advertisers through fraudulent Google ads, aiming to steal login credentials for Microsoft's advertising platform. The campaign involves sophisticated techniques like cloaking, Cloudflare challenges, and redirection chains to evade detection. Phishing pages …
phishing
credential theft
google ads
2025-01-31
Published: January 31, 2025
Downloadable IOCs: 101

Hello again, FakeBat: popular loader returns after months-long hiatus

FakeBat, a loader previously known as Eugenloader and PaykLoader, has resurfaced after a three-month absence. The malware was distributed through a malicious Google ad impersonating the productivity application Notion. The attack chain involves a tracking template, cloaking domain, and a decoy site…
loader
obfuscation
malvertising
powershell
lummac2
stealer
fakebat
google ads
brand impersonation
2024-11-11
Published: November 11, 2024
Downloadable IOCs: 19

D3F@ck Loader, the New MaaS Loader

In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated via Google Ads. This new loader, which debuted on hacking forums in January 2024 (Figure 1), can allegedly bypass several key security features such as Google Chrome, Edge…
loader
phishing
danabot
2024-05-21
google ads
smartscreen
c2 server
figure
inno setup
microsoft
unit
cyber
fileswindows nt
threat response
Published: May 21, 2024
Linked vulnerabilities : CVE-2024-3400
Downloadable IOCs: 3
Click here to see more Attack Reports