Google Ads Being Used To Distribute Malware Downloader "BATLOADER"

Google Ads Being Used To Distribute Malware Downloader "BATLOADER"

The cybercriminals behind the malware downloader BATLOADER have recently been found to be using Google Ads to distribute secondary payloads, such as Vidar Stealer and Ursnif. The attackers are using malicious ads to impersonate legitimate apps and services like Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom.

 


BATLOADER is a loader responsible for disseminating next-stage malware, including information stealers, banking malware, Cobalt Strike, and even ransomware. The malware is known for its software impersonation tactics for malware delivery, achieved by setting up fake websites that host Windows installer files that masquerade as legitimate apps to trick users into clicking rogue ads on the Google search results page.

Once launched, the MSI installer files execute Python scripts that contain the BATLOADER payload, which retrieves the next-stage malware from a remote server. This marks a slight shift from the previous attack chains observed in December 2022 when the MSI installer packages were used to run PowerShell scripts to download the stealer malware.

eSentire, a cybersecurity company that analyzed the BATLOADER samples, said that the malware continues to improve since its emergence in 2022, revealing added capabilities that allow the malware to establish entrenched access to enterprise networks. According to eSentire, BATLOADER targets popular applications for impersonation, which are commonly found in business networks, and can provide more valuable footholds for monetization via fraud or hands-on-keyboard intrusions.

The use of Google Ads by cybercriminals is a growing trend that enables attackers to distribute malware more effectively. It is essential for businesses to stay vigilant and implement appropriate security measures to protect themselves from these kinds of attacks.

 

Popular posts from this blog

The Essential Role of Objectivity in Cybersecurity.

Image
The Essential Role of Objectivity in Cybersecurity. Introduction: In the ever-evolving landscape of cybersecurity, where threats are as dynamic as the technologies designed to counter them, one principle remains steadfastly crucial: objectivity. This post delves into what objectivity means in the context of cybersecurity, why it's essential, and how professionals can cultivate and maintain an impartial mindset, even when personal beliefs might be challenged. Understanding Objectivity in Cybersecurity: Objectivity in cybersecurity refers to the practice of basing decisions, strategies, and analyses on facts, evidence, and rational thinking, rather than on personal feelings or biases. This approach is vital for accurate threat assessment and unbiased decision-making, which are cornerstones for effective security protocols. The Importance of Objectivity: The absence of objectivity in cybersecurity can lead to grave consequences. Subjective decision-making increases the risk of overlo
Read more

What Is The OSI Model? (Tech Lesson)

Image
What Is The OSI Model? Here at CyberFreakz, we like to educate as well as inform. Today, we will be discussing the OSI model. The OSI (Open Systems Interconnection) model is a conceptual framework that defines how data is transmitted over a network. It is a seven-layer model that was created in 1984 by the International Organization for Standardization (ISO) to facilitate communication between different computer systems. In this blog, we will go over each layer of the OSI model and explain their functions.   Layer 1 - Physical Layer : The physical layer is the first layer of the OSI model. It is responsible for the physical transmission of data over a network. This layer defines the physical characteristics of the network, such as the cable types, connectors, and transmission rates. It also defines the way that data is represented and transmitted over the network. Layer 2 - Data Link Layer : The data link layer is responsible for the reliable transmission of data between two devices.
Read more

10 Best Cyber Security Practices

Image
10 Best Cyber Security Practices. **10 Best Security Practices for Everyday Users based on NCSC Guidance:** 1. **Use Strong, Unique Passwords:**      - Use three random words to create a strong password. For example: 'CoffeeTrainBook'.    - Do not reuse passwords across multiple sites or services.    - Avoid easily guessable passwords like 'password123' or 'letmein'. 2. **Implement Two-Factor Authentication (2FA):**    - Whenever possible, enable 2FA for online accounts. This provides an additional layer of security beyond just a password.    - Use authenticator apps, SMS codes, or hardware tokens as the second factor. 3. **Regularly Update Software:**      - Always keep operating systems, apps, and software up to date.    - Enable automatic updates when possible to ensure that you receive the latest security patches. 4. **Backup Important Data:**     - Regularly back up important data, whether it's photos, documents, or other files.    - Use both online (cl
Read more