Fake Slack and Cisco ads exploited to spread malware

In recent months, malvertising campaigns have been raging online, unwillingly involving Google, an IT giant considered unassailable.

The Google Ads network, in fact, is now besieged by advertisements that exploit the names of legitimate software to bring users to phishing sites or to spread malicious agents directly.

The latest campaign, which joins the others recently discovered, uses the names of renowned programs such as Advanced IP Scanner, Slack, WinSCP and Cisco AnyConnect to direct users to malicious websites. Following research by eFeel, it was possible to better define the operation in question, which seems to be focused on companies and public bodies in America and Europe.

The campaign originated from the Google accounts of professionals, which were stolen and exploited to set up advertising campaigns. To gain access to them, attackers combine social engineering techniques with malware or, more simply, purchase compromised accounts on the dark web.

Fake ads exploited to spread BlackCat: Google Ads still in the sights of cybercriminals

Once the campaign is set up, cybercriminals direct potential victims to websites that offer downloads of the aforementioned software. As usual, these sites are designed to look as plausible as possible and to mislead as many people as possible.

The malware spread through this channel, Nitrogen, is then used to download BlackCat onto infected devices. BlackCat in turn behaves as ransomware usually does, complete with a ransom demand for the encrypted files. The Ransomware-as-a-Service (RaaS) nature of BlackCat makes it difficult to understand who the creators of this campaign actually are.

For ordinary users, the advice to avoid fake ads is always the same. Rely only on official sites for downloading software and, before downloading files, check the URL of the site in question. In case of a suspicious address, it is better to leave the website immediately without interacting with it.
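The URL check advised above can be made mechanical. The following Python sketch is an added example, not part of the original article: it tests whether a download link really sits on a vendor's domain. The domain list and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed official domains for the programs named in the article; they are
# not listed on the page, so confirm them with each vendor before use.
OFFICIAL_DOMAINS = {
    "Advanced IP Scanner": "advanced-ip-scanner.com",
    "Slack": "slack.com",
    "WinSCP": "winscp.net",
    "Cisco AnyConnect": "cisco.com",
}

def check_download_url(product, url):
    """Return (ok, reason) for a link that claims to offer `product`."""
    official = OFFICIAL_DOMAINS[product]
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not https"
    # https://slack.com@files.example/ really points at files.example
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")  # already lower-cased
    if not host:
        return False, "no host"
    # Look-alike letters arrive as non-ASCII or as punycode (xn--) labels
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised host"
    # Match on a label boundary so slack.com.get-app.example does not pass
    if host == official or host.endswith("." + official):
        return True, "official domain"
    return False, "host is not under " + official

# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    ("Slack", "https://slack.com/downloads/windows"),
    ("Slack", "https://slack.com.get-app.example/setup.exe"),
    ("Slack", "https://slack.com@files.example/setup.exe"),
    ("WinSCP", "http://winscp.net/eng/download.php"),
    ("Cisco AnyConnect", "https://xn--csco-example.com/anyconnect"),
]

if __name__ == "__main__":
    for product, url in SAMPLES:
        print(product, url, check_download_url(product, url))
```

A passing result only confirms that the link is hosted under the expected domain; it says nothing about the file itself.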
