Date: 2024-04-18

A new malvertising campaign run through Google, with the moniker MadMxShell, is leveraging several domains that imitate legitimate IP scanner software.

The threat actors targeted victims by using Google Ads to push fake decoy domains to the top of search engine results for keywords. The threat actor uses a backdoor zero-day exploit to deploy malicious software. This marks the first successful deployment of a Windows backdoor through the use of malvertising techniques. The campaign originated in June 2023, and the threat actor was found to have enabled unlimited Google AdSense accounts. The backdoor can perform basic file manipulation, gather system information, and run commands. It also employs obfuscation and evasion techniques, such as anti-dumping, to prevent detection.

