This Google Ads campaign pushes malware that your antivirus can’t detect
Cybersecurity researchers have discovered a new ad campaign on the Google Ads network that pushes malware onto unsuspecting victims' endpoints. What sets this malicious ad campaign apart is that the malware it delivers goes largely undetected by current antivirus solutions.
The threat actors achieved this by virtualizing the malware: its original code is replaced with bytecode that only a bundled virtual machine can interpret. When a victim runs the malware, that virtual machine translates the bytecode back into native code at runtime and executes the malicious program.
The researchers, from SentinelLabs, explain the modus operandi: "Virtualization frameworks like KoiVM obfuscate executables by replacing native code, such as .NET Common Intermediate Language (CIL) instructions, with virtualization code that only the virtualization framework can understand."
Delivering Formbook
“A virtual machine engine executes virtualized code by translating it into native code at runtime.”
This approach also makes the malware hard to analyze, the researchers added: "When used for malicious purposes, virtualization makes malware analysis challenging and also represents an attempt to evade static analysis mechanisms."
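To make the mechanism in the two quotes concrete, here is an added toy example (not KoiVM, MalVirt or SentinelLabs code): a constructed stack program standing in for CIL is "virtualized" into a private bytecode whose opcode numbering and XOR mask are derived from a per-build seed, and a small VM engine maps that bytecode back to handlers at runtime. The sample program, the seed-to-table derivation and all function names are assumptions made for the demo; a real virtualizer randomizes the tables rather than deriving them arithmetically.

```python
"""Toy code-virtualization demo: native ops -> private bytecode -> VM engine.

Constructed example, not code from any real virtualizer or malware family.
"""

# Native instruction set of the original program (stand-in for .NET CIL).
NATIVE_OPS = ("PUSH", "ADD", "MUL", "XOR", "RET")

# Constructed sample program: ((3 + 4) * 5) ^ 0x2A  ->  35 ^ 42  ->  9
SAMPLE_PROGRAM = [("PUSH", 3), ("PUSH", 4), ("ADD",), ("PUSH", 5), ("MUL",),
                  ("PUSH", 0x2A), ("XOR",), ("RET",)]


def build_tables(seed):
    """Per-build opcode numbering and XOR mask (assumed derivation).

    Derived arithmetically from `seed` so the demo is deterministic; a real
    virtualizer draws these at random for every build, which is why a byte
    signature written for one sample does not match the next one.
    """
    key = (seed * 151 + 7) & 0xFF or 1          # never mask with 0
    codes = [(seed * 97 + i * 53) & 0xFF for i in range(len(NATIVE_OPS))]
    return dict(zip(NATIVE_OPS, codes)), key


def virtualize(program, seed):
    """Replace each native op (and operand) with its masked private opcode."""
    table, key = build_tables(seed)
    out = bytearray()
    for op, *operands in program:
        out.append(table[op] ^ key)
        for value in operands:
            out.append(value ^ key)
    return bytes(out)


class VMEngine:
    """Runtime that translates the private bytecode back into real operations."""

    def __init__(self, seed):
        table, self.key = build_tables(seed)
        # Private opcode -> handler; only an engine built with the same seed
        # can make sense of the bytecode.
        self.handlers = {code: getattr(self, "op_" + name.lower())
                         for name, code in table.items()}

    def run(self, bytecode):
        self.stack, self.pc, self.code = [], 0, bytecode
        while self.pc < len(self.code):
            op = self.fetch()
            if op not in self.handlers:
                raise ValueError(f"unknown opcode {op:#04x}: wrong build tables")
            result = self.handlers[op]()
            if result is not None:
                return result
        raise ValueError("bytecode ended without RET")

    def fetch(self):
        byte = self.code[self.pc] ^ self.key      # unmask at runtime
        self.pc += 1
        return byte

    def op_push(self):
        self.stack.append(self.fetch())

    def op_add(self):
        b, a = self.stack.pop(), self.stack.pop()
        self.stack.append((a + b) & 0xFF)

    def op_mul(self):
        b, a = self.stack.pop(), self.stack.pop()
        self.stack.append((a * b) & 0xFF)

    def op_xor(self):
        b, a = self.stack.pop(), self.stack.pop()
        self.stack.append(a ^ b)

    def op_ret(self):
        return self.stack.pop()


def run_virtualized(program, seed):
    """Virtualize `program` for build `seed` and execute it with that build's engine."""
    return VMEngine(seed).run(virtualize(program, seed))


def cross_build_rejected(seed_a, seed_b, program=SAMPLE_PROGRAM):
    """Bytecode from one build fed to another build's engine is unusable."""
    try:
        VMEngine(seed_b).run(virtualize(program, seed_a))
    except (ValueError, IndexError):
        return True
    return False


if __name__ == "__main__":
    for seed in (1, 2, 7):
        print(seed, virtualize(SAMPLE_PROGRAM, seed).hex(),
              run_virtualized(SAMPLE_PROGRAM, seed))
```

The same program yields a different byte stream per seed while every engine computes the same result, which is the static-analysis problem in the quote: the analyst sees only opaque bytes plus a generic interpreter loop, and recovering the logic means either recovering the per-build tables or running the engine and observing what it does.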
The malware being distributed this way is Formbook, a known information stealer; the researchers dubbed the virtualized loaders "MalVirt". To trick people into downloading it, the threat actors created a number of fake websites posing as landing pages from which people could download the Blender 3D software.
Blender 3D is a popular 3D modeling, rendering and animation program.
This isn't the first time Google's ad network has been abused to deliver malware. At the end of December last year, researchers discovered a large campaign impersonating several popular programs and apps, such as Grammarly, MSI Afterburner, and Slack, to deliver IcedID and Raccoon Stealer, both of which are information-stealing malware.
Malicious campaigns that find their way into Google Ads are arguably more dangerous, as people tend to trust big tech companies by default. The best defence is still to check a website's address carefully before downloading anything, regardless of whether the link was advertised on Google or not.
Via: BleepingComputer