
Malvertising: the UNC2975 operation that spread malware has been blocked


The malvertising campaign known as UNC2975, identified in mid-2023, has finally been blocked from search engine advertising channels, putting an end to a real threat to those browsing online.

Through this operation, cybercriminals had long been spreading the backdoors DANABOT and DARKGATE, both quite dangerous pieces of malware. Dismantling the campaign was possible thanks to collaboration between Mandiant and Google's Anti-Malvertising section.

To attract potential victims, UNC2975's malicious ads promoted websites about collecting funds. Through these sites, victims were served malicious agents such as PAPERDROP, which were in turn used to download the aforementioned backdoors.

UNC2975: just one of the many cases of malvertising in recent months

Malvertising is now one of the biggest online threats. Mandiant knows something about it and is currently keeping track of as many as 30 clusters of malicious ads capable of spreading various malware, including the dreaded infostealers. In the case of UNC2975, the high level of danger was mainly due to the malicious agents distributed.

DANABOT, for example, is a fearsome backdoor based on Delphi, while DARKGATE falls into the category of MaaS, or Malware-as-a-Service.

UNC2975 made use of different types of sites, the majority of which offered easy profits or similar lures. The operators then relied on techniques such as cloaking (a way to select potential victims, directing only them towards the malicious website) and redirects to avoid the defensive systems of Google Ads.

Although the famous search engine is very attentive to the security of its advertisements, the enormous volume of traffic in this sector makes it impossible to keep cybercriminals out entirely.

Users are therefore advised to maintain a high level of attention and to constantly update their browsers and operating systems to avoid real disasters.
