Cyber criminals are using fake advertising to distribute malware

Jimmy2x

Posts: 141   +11
Staff
Why it matters: Cyber criminals are constantly analyzing the technology space for new ways to exploit users and obtain their personal data. In the past, phishing attacks have been leveraged to trick users into providing sensitive information by posing as a credible source and requesting the user's data. But according to Cisco's Talos threat intelligence organization, a new malicious campaign has been gaining traction as an effective method to harvest information from unknowing users.

In a technique known as malvertising, a specific campaign that Cisco's Talos Intelligence calls "Magnat" uses fraudulent online advertising to trick users who are searching for legitimate software installers. The Cisco threat intelligence team believes the Magnat campaign may have started in late 2018 and targets users in Canada, the United States, Australia, and several European nations.

Once a user is directed to the fraudulent download, they run a fake installer that deploys three distinct pieces of malware to their system. While the fake installer gets to work installing multiple malware components, it does not install the actual application the user was originally searching for.

The first piece of malware is a password stealer used to collect user credentials, often the commodity stealer known as Redline. Another piece of malware, known as MagnatBackdoor, sets up remote access to the user's device via Microsoft Remote Desktop. This access, combined with the user credentials stolen by Redline (or a similar tool), can provide unfettered access to the user's systems even when those systems are otherwise secured and firewalled. The final piece of the malware trifecta is a Chrome browser extension known as MagnatExtension, which is used for keylogging, capturing screenshots of sensitive information, and similar data theft.

An August 2021 tweet provided screenshots and download samples of a suspected malvertising campaign. Talos analyzed the samples referenced in the tweet and verified at least one sample contained the MagnatBackdoor, MagnatExtension, and Redline malware components.

Talos believes the Magnat tools have been developed and improved over the course of several years and show no signs of slowing down anytime soon. The installer package's name is constantly evolving and typically references the name of popular applications to lend credibility and trick users into deploying the package. Examples of past package names include viber-25164.exe, wechat-35355.exe, build_9.716-6032.exe, setup_164335.exe, nox_setup_55606.exe and battlefieldsetup_76522.exe.
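The package names above share one shape: a popular application name, a '-' or '_' separator and a numeric suffix. The following detector, an added example and not Talos' or TechSpot's code, generalises that shape into a pattern and runs it over constructed proxy log lines to flag completed downloads of such installers; the pattern itself and the log format are assumptions drawn from the six names in the article, not a published signature.

```python
import re
from urllib.parse import urlsplit

# Installer names the article attributes to the Magnat campaign.
REPORTED_NAMES = [
    "viber-25164.exe", "wechat-35355.exe", "build_9.716-6032.exe",
    "setup_164335.exe", "nox_setup_55606.exe", "battlefieldsetup_76522.exe",
]

# Assumed generalisation of those names: an application-looking token, a '-' or
# '_' separator, a 4-6 digit suffix and an .exe extension. Not a Talos signature.
MAGNAT_NAME_RE = re.compile(
    r"^(?P<app>[a-z][a-z0-9_.]*?)[-_](?P<suffix>\d{4,6})\.exe$", re.IGNORECASE
)

def looks_like_magnat_installer(filename):
    """Return the spoofed application token if filename fits the pattern, else None."""
    m = MAGNAT_NAME_RE.match(filename)
    return m.group("app") if m else None

def parse_proxy_line(line):
    """Parse a constructed 'timestamp client method url status' proxy log line."""
    ts, client, method, url, status = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": int(status)}

def flag_downloads(lines):
    """Return one alert per completed (HTTP 200) .exe download whose name fits the pattern."""
    alerts = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec["status"] != 200:
            continue
        filename = urlsplit(rec["url"]).path.rsplit("/", 1)[-1]
        app = looks_like_magnat_installer(filename)
        if app:
            alerts.append({"client": rec["client"], "file": filename, "spoofed_app": app})
    return alerts

# Constructed sample log lines; hosts use the reserved .invalid and .example names.
SAMPLE_LOG = [
    "2021-08-12T10:04:11Z 10.0.0.5 GET http://dl.ad-landing.invalid/get/viber-25164.exe 200",
    "2021-08-12T10:05:02Z 10.0.0.9 GET https://files.example/vlc-3.0.16-win64.exe 200",
    "2021-08-12T10:06:40Z 10.0.0.7 GET http://cdn.ad-landing.invalid/nox_setup_55606.exe 200",
    "2021-08-12T10:07:15Z 10.0.0.7 GET http://cdn.ad-landing.invalid/setup_164335.exe 404",
]

if __name__ == "__main__":
    for alert in flag_downloads(SAMPLE_LOG):
        print(alert)
```

The versioned VLC name is deliberately not matched: legitimate installers usually carry a dotted version rather than a bare numeric suffix, which is what keeps the rule's false-positive rate manageable.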


nismo91

Posts: 1,255   +304
Anyone remember the download.com adware bundle many years ago? Say you're looking for free legitimate software like Adobe PDF Reader. The first result in a Google search usually leads to download.com, and naturally you can download it for free there.

Except, when you install it, you get a whole lot more than Adobe PDF Reader: an ad-ridden toolbar, other software you do not want and sometimes a virus disguised as a "super PC cleaner" etc.
 

bviktor

Posts: 1,061   +1,543
And then came the centralized, vetted stores to fight this exact issue.

And then came all the ignorant users complaining about centralization and limitations and monopolies and M$ suxxxx and so on.

It's all just an infinite cycle with people having a memory comparable to that of a housefly.
 

Uncle Al

Posts: 9,323   +8,522
Yep, this would be a good candidate for an international effort. Once these guys are caught and prosecuted they would be lined up naked and shot with low caliber, rusty musket balls covered in salt out in the desert nowhere near any source of water. All of this would be televised world wide as a warning and of course, a great source of entertainment ......
 

Burty117

Posts: 4,602   +2,902
> And then came the centralized, vetted stores to fight this exact issue.
>
> And then came all the ignorant users complaining about centralization and limitations and monopolies and M$ suxxxx and so on.
>
> It's all just an infinite cycle with people having a memory comparable to that of a housefly.

What? The issue with centralised "only a single store" is clear, it's a monopoly and everyone gets screwed, it costs more for the consumer and the developer makes less money.

Truthfully, I think Android does it right, make a standard store where it's easy to get apps and everything but if you're technically inclined you can manually install another store or apps from other sources.

That way you cater to people like my mum who can barely work a TV, so she's safe using the default store, and then people like myself who are clever enough to sniff out a sh*t app or virus can install what I want.
 

Dimitrios

Posts: 1,075   +889
> Yep, this would be a good candidate for an international effort. Once these guys are caught and prosecuted they would be lined up naked and shot with low caliber, rusty musket balls covered in salt out in the desert nowhere near any source of water. All of this would be televised world wide as a warning and of course, a great source of entertainment ......

Or grind up a large amount of apple seeds every day and watch them suffer a painful slow death ha ha. ;-)