Criminals are exploiting Google Ads to distribute a malicious Chrome browser installer. The ad appears legitimate, using a Google Sites landing page to deceive users. The download, hosted on a mimicking domain, installs Chrome along with malicious code that communicates with a remote server to retrieve an encrypted payload. This payload includes a remote access Trojan capable of stealing user data. The same threat actors are linked to campaigns targeting Notion and Grammarly.
Blog Post: SecTopRAT Bundled in Chrome Installer Distributed via Google Ads
Practice Verified Codes and Commands:
1. Detecting Malicious Processes on Linux:
ps aux | grep -i 'chrome' | grep -v 'grep'
This command lists all processes related to Chrome, helping identify suspicious activity.
2. Monitoring Network Connections:
netstat -tuln | grep -E '(:80|:443)'
Check for unusual connections on ports 80 and 443, commonly used for malicious communication.
3. Analyzing Suspicious Files:
strings suspicious_file.exe | grep -i 'http'
Extract strings from a suspicious file to find URLs or commands.
4. Blocking Malicious Domains:
sudo echo "127.0.0.1 malicious-domain.com" >> /etc/hosts
Add malicious domains to the hosts file to block access.
5. Scanning for Malware with ClamAV:
sudo apt-get install clamav sudo freshclam sudo clamscan -r /home
Install and run ClamAV to scan for malware in the home directory.
6. Windows Command to Check Running Services:
[cmd]
sc query | findstr “RUNNING”
[/cmd]
List all running services to identify potential malicious ones.
7. Windows Command to Check Scheduled Tasks:
[cmd]
schtasks /query /fo LIST /v
[/cmd]
Review scheduled tasks for suspicious entries.
What Undercode Say:
The exploitation of Google Ads to distribute malware highlights the evolving sophistication of cybercriminals. By leveraging legitimate platforms like Google Sites, attackers can deceive users into downloading malicious software. The use of encrypted payloads and remote access Trojans underscores the importance of robust cybersecurity practices. Regularly monitoring network connections, analyzing suspicious files, and employing antivirus solutions are critical steps in mitigating such threats. Additionally, understanding the tactics used by threat actors, such as domain mimicry and payload encryption, can help in developing more effective defense mechanisms. For further reading on similar threats, visit Malwarebytes Blog. Always stay vigilant and keep your systems updated to protect against emerging cyber threats.
References:
Hackers Feeds, Undercode AI
