New Malware LOBSHOT

A new malware known as 'LOBSHOT' that is distributed via Google ads allows threat actors to gain control of infected Windows devices via VNC.



Several cybersecurity researchers reported a dramatic increase in the number of threat actors using Google ads to distribute malware in search results.

These ad campaigns impersonated the websites of 7-Zip, VLC, OBS, Notepad++, CCleaner, TradingView, Rufus and many other applications. Instead of distributing the legitimate applications, however, these sites delivered malware, including Gozi, RedLine, Vidar, Cobalt Strike, SectoRAT, and Royal Ransomware.


Example of a fake Google ad:



This malware allows a threat actor to remotely control a Windows desktop computer, so the attacker's access to the machine is complete.


Cyberpeace recommends that, before downloading any software, you validate that the download site is the software's official site. You must also validate that the MD5 hash of the file you downloaded matches the MD5 hash published for that software.
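The two checks recommended above, as an added Python example (not code from the original article or from Cyberpeace). The function names, the contents of `OFFICIAL_HOSTS` and the sample URLs are assumptions made for illustration; the hash check defaults to MD5 as the article recommends and, going slightly beyond it, accepts any other `hashlib` algorithm such as `sha256` when the vendor publishes one.

```python
import hashlib
import os
import tempfile
from urllib.parse import urlsplit

# Assumption: official hosts the user confirmed out of band (vendor docs,
# a package manager), never copied from an ad or a search result.
OFFICIAL_HOSTS = {"7-zip.org", "notepad-plus-plus.org"}


def is_official_url(url, official_hosts=OFFICIAL_HOSTS):
    """True only for an https URL on an official host or one of its subdomains."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username is not None:
        return False  # plain http, or a user@host form that hides the real host
    host = (parts.hostname or "").rstrip(".")
    # Exact or dot-anchored suffix match: "7-zip.org.downloads.example" and
    # "my7-zip.org" fail, and so does any IDN lookalike of an ASCII name.
    return any(host == h or host.endswith("." + h) for h in official_hosts)


def file_digest(path, algorithm="md5"):
    """Hash the file in 1 MiB chunks so large installers need not fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published_hash(path, published, algorithm="md5"):
    """Compare with the value shown on the official site, ignoring case and spaces."""
    return file_digest(path, algorithm) == "".join(published.split()).lower()


if __name__ == "__main__":
    # Constructed sample input: lookalike hosts use the reserved .example TLD.
    for url in ("https://www.7-zip.org/download/setup.exe",
                "https://7-zip.org.downloads.example/download/setup.exe",
                "http://notepad-plus-plus.org/downloads/"):
        print(is_official_url(url), url)
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"hello")  # stand-in for a downloaded installer
    print(matches_published_hash(fh.name, "5D41402A BC4B2A76 B9719D91 1017C592"))
    os.unlink(fh.name)
```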




Written by:

Alberto Ávalos

Director of Incident Response and Threat Intelligence of Cyberpeace

