Google ads are the most common method threat actors use to promote their malware. According to a new report from Malwarebytes, hackers created fake Webex software ads that tricked users into downloading the BatLoader malware.
The campaign began in Mexico. The ad was able to occupy the top spot in the Google search results for Webex. Furthermore, it even used the official logo as well as the original URL “webex.com” to trap users. Although Google takes precautions to guarantee that the URL displayed in an ad matches the final destination URL the user reaches after clicking it, the analysis demonstrates that threat actors were able to exploit a vulnerability and drive people to unrelated websites.
How does it work?
Although the ads showed the URL webex.com, users were directed to “trixwe.page.link”. Furthermore, a filter screened out researchers and automated web crawlers. Hackers used this approach to mask their entire strategy. Other users were directed to “webexadvertisingoffer[.]com”, which is a virus-infected website.
Some users even clicked on the download button, but to their surprise, instead of Webex, the BatLoader payload was installed. After it executed, the DanaBot malware was installed on the device. Notably, this malware has been available since 2018 and is used on the infected user’s computer for loading ransomware modules, taking screenshots, looking for passwords, hiding malicious traffic, and giving remote access via HVNC (Hidden VNC).
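The mismatch described above, between the URL an ad displays and the hosts a click actually visits, can be checked on recorded redirect chains. The following is an added example, not code from Malwarebytes or Google; the function names and sample chains are constructed, and the displayed host is assumed to stand for the brand domain.

```python
from urllib.parse import urlsplit


def refang(url):
    """Undo common IoC defanging (hxxp, [.]) so the URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)


def host_of(url):
    """Lower-cased hostname of a possibly defanged or scheme-less URL."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, brand):
    """True only for the brand domain itself or a subdomain of it."""
    return host == brand or host.endswith("." + brand)


def audit_ad_click(display_url, chain):
    """Compare the host an ad displays with the hosts the click visited.

    chain is the ordered list of URLs requested after the click, as
    recorded by a web proxy. Assumption: the display host (minus "www.")
    is treated as the brand domain; no public suffix list is consulted.
    """
    if not chain:
        raise ValueError("empty redirect chain")
    brand = host_of(display_url)
    if brand.startswith("www."):
        brand = brand[4:]
    hosts = [host_of(u) for u in chain]
    return {
        "display": brand,
        "landing": hosts[-1],
        "mismatch": not belongs_to(hosts[-1], brand),
        "off_brand_hops": [h for h in hosts if not belongs_to(h, brand)],
    }


# Constructed sample chains; only the two defanged hosts come from the article.
SAMPLE_CHAINS = {
    "article": ["hxxps://trixwe[.]page[.]link/", "hxxps://webexadvertisingoffer[.]com/"],
    "genuine": ["https://www.webex.com/"],
    "lookalike": ["https://webex.com.downloads.example/"],
}

if __name__ == "__main__":
    for name, chain in SAMPLE_CHAINS.items():
        print(name, audit_ad_click("Webex.com", chain))
```

Because the campaign filtered out researchers and automated crawlers, this check is meaningful on chains recorded from real user traffic; a chain fetched by a scanner may show only the clean path.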
Response from Google
A person from Google said that the protection of consumers is the company’s ultimate goal. He added that the ads had been reviewed and that appropriate action had been taken against them. Whatever the situation may be, users must be vigilant and take precautionary measures, like avoiding promoted content on Google while searching for software and using antivirus software.
Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.