Cybercriminals often have to devise new methods to deliver their malicious payloads to unsuspecting users, which is why they are now abusing Google Ads to distribute a new and dangerous malware.
According to a new report from the cybersecurity company Cyble, its security researchers recently discovered a new strain of malware called Rhadamanthys, named after the wise king of Crete from Greek mythology.
At the same time, Rhadamanthys also spreads through spam emails that contain a malicious PDF file for an unpaid statement. However, these emails are used to target companies, while the fake Google ads used in this campaign target consumers trying to download popular software.
Exploiting Google ads to spread malware
When you search on Google, the most relevant results are displayed at the top of the page, but sometimes, advertising can appear above the search results. In this case, you have to scroll down the page to find the company’s actual website.
Cybercriminals distributing Rhadamanthys malware use the way Google displays ads to their advantage in their new campaign, as many users click on the first result after performing a web search. To get more users to download their malware without their knowledge, they have created a number of phishing websites designed to mimic popular software, including Zoom, AnyDesk, Notepad++ and BlueStacks.
While the user believes that he has clicked on an advertisement that takes him to the company’s official website, he is redirected to a phishing page designed to impersonate famous brands using their logos, fonts, etc.
According to Cyble, these phishing sites go one step further by making their installer files look like those of the legitimate apps they’re impersonating. However, instead of Zoom, AnyDesk, or other popular software, users inadvertently install Rhadamanthys malware on their systems.
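For defenders who have web proxy logs, the chain described above (an ad click landing on a look-alike site that then serves an installer) can be hunted for directly. The following is an added example, not part of the original article or of Cyble's report; the official domains, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: official vendor domains; they are not listed in the article.
OFFICIAL = {"zoom": {"zoom.us"}, "anydesk": {"anydesk.com"},
            "notepad": {"notepad-plus-plus.org"}, "bluestacks": {"bluestacks.com"}}
INSTALLER_EXT = (".exe", ".msi", ".zip")

# Constructed proxy log lines (timestamp, user, URL); hosts and paths are made up.
SAMPLE_LOG = [
    "2023-01-12T09:01:07Z alice https://zoom-download.example/?gclid=CONSTRUCTED1",
    "2023-01-12T09:01:30Z alice https://zoom-download.example/files/ZoomInstaller.exe",
    "2023-01-12T09:05:00Z bob https://zoom.us/client/ZoomInstaller.exe",
    "2023-01-12T09:07:12Z carol https://an1desk.example/AnyDesk.msi",
    "2023-01-12T09:09:44Z dave https://download.anydesk.com/AnyDesk.exe",
]

def impersonated_brand(host):
    """Return the brand a host imitates, or None if it is official or unrelated."""
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return None
    for label in re.split(r"[.-]", host):
        for brand in OFFICIAL:
            # Substring match catches "zoom-download"; the ratio catches "an1desk".
            if brand in label or SequenceMatcher(None, label, brand).ratio() >= 0.8:
                return brand
    return None

def flag_downloads(log_lines):
    """Return (user, host, brand, via_ad) for installers fetched from look-alike hosts."""
    requests = [(l.split()[1], urlsplit(l.split()[2])) for l in log_lines]
    # Hosts whose landing page was reached with a Google Ads click ID (gclid).
    ad_hosts = {u.hostname for _, u in requests if "gclid=" in u.query}
    hits = []
    for user, u in requests:
        host = (u.hostname or "").lower()
        if not u.path.lower().endswith(INSTALLER_EXT):
            continue
        brand = impersonated_brand(host)
        if brand:
            hits.append((user, host, brand, host in ad_hosts))
    return hits

if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print(hit)
```

The similarity threshold is a heuristic, so hits are leads for triage rather than verdicts; an unrelated host that merely contains a brand word will also be flagged.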
Password theft, crypto and more
As an information stealer, Rhadamanthys is designed to gather as much information as possible from its victims, which is then transmitted to a command and control (C&C) server controlled by the attackers.
The malware collects system information from Windows computers, including computer name, username, operating system version, RAM, CPU information and more, before looking for browser-related files such as browsing history, bookmarks, cookies, autofill, login credentials and more. Rhadamanthys is designed to target many of the top browsers, including Chrome, Edge and Firefox, as well as some up-and-coming browsers such as Brave.
From here, Rhadamanthys targets Binance, Zcash and a number of other crypto wallets and crypto wallet browser extensions. With the crypto wallet credentials in hand, the malware can drain the user’s funds. However, it also goes after FTP and email clients, password managers such as RoboForm and KeePass, VPN services including NordVPN, ProtonVPN and Windscribe VPN, and messaging apps like Discord, Telegram and others running on the victim’s system. Screenshots of the victim’s device are also captured and sent back to the command and control server.
Essentially, Rhadamanthys acts like a malware vacuum, capable of gathering all kinds of sensitive and personal information to use in future attacks or even to commit identity theft.
How to stay safe from malware and other online threats
Now that cybercriminals are using ads to trick users into visiting phishing websites that distribute malware, you need to be careful where you click. You should always scroll down to the actual search results when searching for something on Google rather than clicking on the ad, even if it’s tempting.
In fact, the FBI recently recommended using an ad blocker, since fake ads in search results have become such a problem. If you can’t see the ads because they are blocked, you won’t click on them.
Likewise, you must have one of the best antivirus software solutions installed on your PC to help protect you from new malware strains like Rhadamanthys that Microsoft’s own Windows Defender may miss. If you’re on a Mac, you still need the best Mac antivirus software because cybercriminals are quite keen on finding ways to target Apple’s user base.
As Rhadamanthys is malware-as-a-service that cybercriminals pay good money to use in their attacks, this likely won’t be the last we’ll see of this dangerous new malware.