BlackCat: massive campaign spreads ransomware via Google Ads

Among the various malware distribution channels, legitimate advertising systems are becoming increasingly popular.

The latest sensational case features the infamous BlackCat ransomware (also known as ALPHV). According to eSentire's Threat Response Unit, cybercriminals are exploiting Google Ads to spread their attack on a large scale.

In terms of number of attacks and targets, BlackCat is considered one of the major global ransomware threats, with operations also identified in the European context. The experts' report highlighted several cases that occurred during the same weeks, with the malicious agent spread through the practice known as malvertising, right through the network managed by Google.

The new tactic observed by eSentire uses Google Ads to promote popular software such as Advanced IP Scanner and Slack, leading victims, typically professionals, to malicious websites controlled by the attackers.

Users who think they are obtaining and installing these apps actually find their computer infected with the dreaded Nitrogen malware.

BlackCat, the Nitrogen malware and the new malvertising campaign

The ransomware group uses Nitrogen strategically as an entry point onto the device, and then carries out the procedure that triggers BlackCat.

In this regard, the Threat Response Unit explained that Nitrogen exploits obfuscated Python libraries that are theoretically legitimate but which, specially modified by hackers, turn out to be malware loaders.

Once activated, BlackCat acts as ransomware usually does, encrypting the data on the computer and demanding a ransom from the victim to regain access to it.

To avoid what can prove to be real disasters at a company level, experts advise maximum caution. The first step is to always check that the site from which you are downloading software is the producer's, avoiding those that turn out to be suspicious “intermediaries”.

Because cases of malvertising are increasingly frequent, this check is a must even for websites advertised by theoretically reliable advertising systems such as Google Ads.

