A newly reported malvertising campaign uses counterfeit websites, including a look-alike of a well-known Windows news outlet, to distribute malware. The fake sites advertise the hardware-profiling tool CPU-Z alongside other popular utilities such as Notepad++, Citrix, and VNC Viewer. The campaign relies on cloaking: the landing page serves harmless content to visitors the operators want to keep out (for example crawlers and security scanners) and steers the remaining visitors to a malicious download.
According to Jérôme Segura of Malwarebytes, the lure is a fraudulent copy of WindowsReport[.]com. The operators build such sites so that they surface in search engine results, typically through paid ads, and then trick users into downloading trojanized installers.
The installer served by the fake site carries a malicious PowerShell script that drops RedLine Stealer, an information-stealing malware family, onto the victim's machine. Abusing Google Ads to deliver malware is not new: the same approach has previously been used to distribute ransomware and various Remote Access Trojans (RATs).
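The cloaking behaviour described above is what makes these landing pages hard to vet from a crawler or a sandbox. The following added example (written for this page, not code from Malwarebytes or from the campaign) models a cloaked landing page and the check an analyst would run against one: fetch the same URL under several client profiles and compare the responses. The decoy and lure pages, the user-agent markers, and the referer allow-list are all constructed for illustration; a real campaign's criteria are not documented on this page.

```python
"""Probe a suspect ad landing page for cloaking by comparing responses
across several client profiles. The server logic, page bodies and
profile strings below are constructed for this example."""
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Request:
    user_agent: str
    referer: str = ""


# Constructed page bodies: what a crawler sees vs. what a targeted victim sees.
DECOY_PAGE = "<html><h1>CPU-Z 2.07 released</h1><p>Read the changelog.</p></html>"
LURE_PAGE = '<html><h1>CPU-Z</h1><a href="/downloads/cpu-z-setup.exe">Download now</a></html>'

# Hypothetical attacker criteria: anything that looks automated, or that did not
# arrive via the paid ad, gets the decoy. Real campaigns use richer fingerprinting.
SCANNER_UA_MARKERS = ("googlebot", "bingbot", "curl", "wget", "python-requests", "headlesschrome")
AD_REFERER_HOSTS = ("www.google.com", "googleads.g.doubleclick.net")


def cloaked_server(req: Request) -> str:
    """Simulated cloaked landing page: returns the lure only to likely victims."""
    ua = req.user_agent.lower()
    if any(marker in ua for marker in SCANNER_UA_MARKERS):
        return DECOY_PAGE
    if not any(req.referer.startswith(f"https://{host}/") for host in AD_REFERER_HOSTS):
        return DECOY_PAGE
    return LURE_PAGE


def honest_server(req: Request) -> str:
    """Control case: a site that serves everyone the same content."""
    return DECOY_PAGE


CHROME_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/118.0 Safari/537.36"

# Profiles an analyst would replay against the URL. Only "ad_click" mimics the
# path a real victim takes (desktop browser arriving from a search ad).
PROBE_PROFILES: Dict[str, Request] = {
    "crawler": Request("Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"),
    "script": Request("python-requests/2.31.0"),
    "direct_browser": Request(CHROME_UA),
    "ad_click": Request(CHROME_UA, referer="https://www.google.com/"),
}


def probe_for_cloaking(fetch: Callable[[Request], str],
                       profiles: Dict[str, Request] = PROBE_PROFILES) -> dict:
    """Fetch the page under each profile and group profiles by response hash.
    More than one distinct body for the same URL is the cloaking signal."""
    variants: Dict[str, List[str]] = {}
    for name, req in profiles.items():
        digest = hashlib.sha256(fetch(req).encode()).hexdigest()[:12]
        variants.setdefault(digest, []).append(name)
    return {"cloaked": len(variants) > 1, "variants": variants}


def profiles_served_installer(fetch: Callable[[Request], str],
                              profiles: Dict[str, Request] = PROBE_PROFILES) -> List[str]:
    """Return the profile names whose response contained an executable download link."""
    exe_link = re.compile(r'href="([^"]+\.(?:exe|msi))"', re.IGNORECASE)
    return [name for name, req in profiles.items() if exe_link.search(fetch(req))]


if __name__ == "__main__":
    report = probe_for_cloaking(cloaked_server)
    print("cloaked:", report["cloaked"])
    for digest, names in report["variants"].items():
        print(f"  body {digest} served to {names}")
    print("installer offered to:", profiles_served_installer(cloaked_server))
```

Against a live URL, `fetch` would wrap an HTTP client that sets the profile's headers; the comparison logic stays the same. The "ad_click" profile matters most: a verdict based only on a crawler or scripted fetch will see the decoy and clear the site.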
Separately, eSentire has described the "Wiki-Slack" attack, which abuses a formatting flaw in Slack's link previews to redirect users to attacker-controlled sites. The attack depends on editing a Wikipedia article so that, once a link to it is shared in Slack, the preview becomes a trap for the channel's users, a reminder that phishing lures keep evolving and warrant continued vigilance.