Google Ads Being Used To Distribute Malware Downloader "BATLOADER"
The cybercriminals behind the malware downloader BATLOADER have recently been found using Google Ads to distribute secondary payloads such as Vidar Stealer and Ursnif. The malicious ads impersonate legitimate apps and services, including Adobe, OpenAI's ChatGPT, Spotify, Tableau, and Zoom.

BATLOADER is a loader responsible for disseminating next-stage malware, including information stealers, banking malware, Cobalt Strike, and even ransomware. It is known for its software impersonation tactics: the operators set up fake websites hosting Windows installer files that masquerade as legitimate apps, and trick users into clicking rogue ads on the Google search results page. Once launched, the MSI installer files execute Python scripts that contain the BATLOADER payload, which retrieves the next-stage malware from a remote server. This marks a slight shi
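The installer-to-Python step described above leaves a recognizable process lineage. The following is an added detection sketch, not code from the article or from any vendor report: it walks process-creation events and flags a Python interpreter with `msiexec.exe` anywhere in its ancestry. The field names follow Sysmon process-creation (Event ID 1) records, and the sample events, paths and file names are constructed for illustration.

```python
import ntpath

# Constructed sample events (not from the article); field names follow
# Sysmon process-creation (Event ID 1) records.
SAMPLE_EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 4,
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessId": 200, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec.exe /i "C:\Users\u\Downloads\installer-example.msi"'},
    {"ProcessId": 210, "ParentProcessId": 200,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c run.bat"},
    {"ProcessId": 220, "ParentProcessId": 210,
     "Image": r"C:\Users\u\AppData\Local\Temp\py\python.exe",
     "CommandLine": "python.exe placeholder_script.py"},
    # Benign control: Python started by the user, no installer in its ancestry.
    {"ProcessId": 300, "ParentProcessId": 100,
     "Image": r"C:\Python311\python.exe", "CommandLine": "python.exe report.py"},
]

INSTALLERS = {"msiexec.exe"}
INTERPRETERS = {"python.exe", "pythonw.exe"}


def basename(image):
    """Lower-cased file name of a Windows path, independent of host OS."""
    return ntpath.basename(image).lower()


def find_installer_python_chains(events):
    """Return one lineage (installer ... interpreter) per flagged process."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for ev in events:
        if basename(ev["Image"]) not in INTERPRETERS:
            continue
        chain, seen, pid = [ev], {ev["ProcessId"]}, ev["ParentProcessId"]
        # Walk up the parent links; 'seen' guards against PID loops.
        while pid in by_pid and pid not in seen:
            seen.add(pid)
            parent = by_pid[pid]
            chain.append(parent)
            if basename(parent["Image"]) in INSTALLERS:
                hits.append([basename(p["Image"]) for p in reversed(chain)])
                break
            pid = parent["ParentProcessId"]
    return hits
```

On real telemetry, key the lineage on Sysmon's `ProcessGuid` rather than the PID, since PIDs are reused. Some legitimate installers also bundle Python, so treat a hit as a triage signal to correlate with the download source and any outbound connection from the interpreter.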