Malwarebytes has recently discovered a malicious campaign where attackers are utilizing Google Ads to spread malware. The attackers are luring users onto fake websites that offer a counterfeit version of the popular text editor, Notepad++.
Despite operating for several months, this campaign has gone unnoticed. The true motive behind the attack remains unknown, but according to Malwarebytes, the most probable objective is to install the COBALT Strike post-exploitation tool.
As part of this cybercriminal campaign, the attackers are leveraging advertisements to target unsuspecting users. By disguising their malicious activities behind seemingly legitimate ads on popular platforms like Google, the attackers exploit the trust that users have in these advertisements.
Initially, the purpose of URLs was to indicate the location of various files on the Internet. Over time, however, URLs evolved to be used for addressing all types of internet resources.
You can read more about this discovery on Malwarebytes’ blog post.