CyberNews Briefs

Google PPC Ads Used to Deliver Infostealers

Researchers have traced the origins of several increasingly popular information stealers, including Tesla, Taurus, Amadey, and Redline. The investigation found that threat actors are delivering the information stealers through pay-per-click ads that appear in Google’s search results, allegedly paying high prices for results for AnyDesk, Dropbox, and Telegram apps that lead to malicious websites. Breach prevention firm Morphisec posted an advisory on Wednesday stating that it has investigated the paid ads’ origins as they appear on the first page of search results.

Morphisec stated that the Google PPC ads targeted specific IP ranges in the US, whereas visitors from non-targeted IPs are redirected to legitimate pages where they can download the correct applications instead of being served a malicious web page loaded with information stealers. Last week, rigged AnyDesk ads delivered a trojanized version of the program. This malicious campaign actually outperformed AnyDesk’s own ad campaign on Google, resulting in the illegitimate operation ranking higher in its paid results. Morphisec researchers also found that two of the adversaries, Redline and Taurus, use similar patterns, certificates, and command-and-control centers.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.