
Hackers using Google ads to spread ransomware: Report


While people are warned not to venture onto unknown websites because of the high risk of getting hacked or installing malware on their systems, bad actors are coming up with ingenious ways of preying on naive users.

In the latest instance, threat actors are using Google ads that lead to fake websites masquerading as genuine service providers but that instead spread Royal ransomware (DEV-0569).

The ads come with “the malicious files, which are malware downloaders known as BATLOADER, pose as installers or updates for legitimate applications like Microsoft Teams or Zoom.

When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that is decrypted and launched with PowerShell commands,” reported Microsoft Security Threat Intelligence team.

Once the malware is inside the system, it can disable security solutions such as anti-virus applications, and the attacker can elevate from local admin to SYSTEM rights, similar to executing a scheduled task as SYSTEM.
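The behaviour quoted above, an MSI custom action starting PowerShell or a batch script, appears in process-creation telemetry as msiexec.exe launching a script host. The following triage is an added example, not code from the article or from Microsoft's report; the script-host list, the Defender-tampering hints and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Script hosts an installer rarely needs to start (assumed list, tune per environment).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Command-line fragments that suggest changes to Microsoft Defender settings (assumed list).
TAMPER_HINTS = ("set-mppreference", "add-mppreference")

# Constructed process-creation events; field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"powershell.exe -File C:\Users\Public\update.ps1"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\SysWOW64\msiexec.exe",
     "CommandLine": "cmd.exe /c powershell -Command Set-MpPreference <args elided>"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe Get-ChildItem"},
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec.exe -Embedding <id elided>"},
]

def basename(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return None, 'suspicious' or 'high' for one process-creation event."""
    if basename(event.get("ParentImage", "")) != "msiexec.exe":
        return None  # not started by the Windows Installer service
    if basename(event.get("Image", "")) not in SCRIPT_HOSTS:
        return None  # installer started something other than a script host
    cmd = event.get("CommandLine", "").lower()
    return "high" if any(hint in cmd for hint in TAMPER_HINTS) else "suspicious"

def triage(events):
    """List (severity, child process, command line) for every flagged event."""
    return [(sev, basename(e["Image"]), e["CommandLine"])
            for e in events if (sev := classify(e))]

if __name__ == "__main__":
    for severity, child, command in triage(SAMPLE_EVENTS):
        print(f"[{severity}] msiexec.exe -> {child}: {command}")
```

Some legitimate installers also start cmd.exe or PowerShell from a custom action, so "suspicious" hits need review against the package's signer and download source before they are treated as incidents.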


Fake Team Viewer screengrab. Credit: Microsoft Security Threat Intelligence Team

Taking note of the severity of the threat, the company has upgraded its Microsoft Defender solution on Windows devices, and Microsoft 365 is also capable of detecting such phishing threats and killing them.

Windows PC users are also advised to turn on ‘network protection’ in the Edge browser and other browsers to block connections to malicious domains and IP addresses.
