Hackers use Google Ads to spread FatalRAT malware disguised as popular applications
https://gotopnews.com/post/1716082
Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. According to a report ESET published today, the attacks use advertising slots that appear in Google search results to redirect users who are looking for popular applications. The applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, Line, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao and WPS Office.
"The websites and installers downloaded from them are mostly in Chinese and falsely present Chinese-language versions of software that is not available in China," ESET said.
The most important aspect of the attacks is the creation of lookalike websites on imitation domains to spread a malicious installer, which includes the legitimate software but also delivers FatalRAT. In doing so, it gives the attacker full control, including executing arbitrary shell commands, running files, harvesting data from web browsers and capturing keystrokes.
"The attackers have made some effort to make the domain names used for the websites similar to the official names." "The fake websites are, in most cases, identical copies of the legitimate sites."
The findings come after a Purple Fox campaign, described by Trend Micro, that used tainted software packages mimicking Adobe, Google Chrome, Telegram and WhatsApp as a vector to spread FatalRAT.
"We could not verify whether these two investigations are related or not." "Although there are some similarities, we could not find similarities in the component chain used to deliver the RAT or in the infrastructure used by the attackers."
The development also reflects a wider abuse of Google Ads to serve a wide variety of malicious software or, alternatively, to lead users to phishing pages.
In a related development, Symantec, part of Broadcom Software, shed light on a "very small" and "targeted" malware campaign involving a .NET-based implant called Frebniis. The campaign is estimated to be very focused.
"The technique used by Frebniis involves injecting malicious code into a DLL file used to troubleshoot and analyze failed web page requests," Symantec said. "This allows the malware to stealthily monitor all HTTP requests and recognize specially formatted HTTP requests sent by the attacker, allowing remote code execution."
The cybersecurity firm, which linked the activity to an unidentified actor, said it is currently not known how access to the Windows machine running the Internet Information Services server was obtained.