China-speaking residents of East and Southeast Asia became the target of the new fraudulent campaign of Google ADS, which delivers trojan of remote access, such as Fatalrat.
According to the report of ESET, published today , the attacks included the purchase of advertising places for showing in the tops of the Google search results. So users, in attempts to download popular programs, fell on fraudulent websites on which Trojan installers were located.
Here are only part of fake programs, instead of which attackers slipped the harm: Google Chrome, Mozilla Firefox, Telegram, WhatsApp, Line, Signal, Skype, Electrum, Sogou Pinyin Method, YouDao and WPS Office.
Websites and installers loaded from them were mainly in Chinese. What is funny, since in some of these programs, Chinese localization is inaccessible in principle. In general, attackers were definitely something to interest their victims.
advertising attacks mainly touched the inhabitants of Taiwan, China and Hong Kong. To a lesser extent, the inhabitants of Malaysia, Japan, Filipin, Thailand, Singapore, Indonesia and Myanmar.
got.
Fatalrat, deployed after the installation of fake programs, provides the attacker with complete control over a computer computer, including the execution of arbitrary command line commands, launching files, collecting data from web browsers and capturing keys of keys.
“Attackers made some efforts in relation to domain names used for their websites, trying to be as similar to official as possible. Fake websites in most cases are outwardly identical copies of legitimate sites,” said representatives of ESET.
ESET observed such attacks from August 2022 to January 2023. Of course, at the time of publication of this news, Chinese harmful advertising has already been deleted.
Recall, Google ADS is far from the first to be used for phishing and distribution of fake programs. In January alone, we wrote about copies of sites of popular programs for home and office, as well as about the fake site of the BitWarden password manager.
such fraudulent tricks can be easily avoided using advertising locks that remove the paid malicious sites from the TOP search results. However, ordinary attentiveness when checking the domain is also enough. After all, if you do not switch to phishing sites, then the likelihood of downloading from the Internet malicious software tends to zero.