By Gagandeep Singh
The threat actors target software that users commonly search for and download, including Grammarly, Malwarebytes, MSI Afterburner and others.
The attacker clones the official website of each product and, when a user clicks download, serves a trojanized copy of the software instead of the genuine installer.
The payloads delivered this way include variants of Raccoon Stealer and the IcedID malware loader.
Trend Micro and Guardio Labs report that the threat actors reached a broad user base by promoting these lookalike sites through Google Ads campaigns.
To get past Google's automated ad review, the actors use a cloaking trick: the ad's landing page is a benign, unrelated site, which is all Google's checks see.
A real visitor who clicks the ad is immediately redirected from that decoy site to the lookalike download site, and from there to the malicious payload.
The victim ends up with the legitimate software, so nothing looks wrong, while the bundled malware installs silently alongside it.
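The redirect chain described above (ad click, unrelated decoy hop, lookalike download site, installer) is something a proxy-log detection can key on. The Python below is an added example, not code from the article or from Trend Micro or Guardio Labs; the log format, the hosts ending in .example, the window size and the brand-to-vendor allowlist are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample proxy log (not real traffic). Fields: ts client status url referer
# Client 10.0.0.5 follows the cloaked chain and downloads from a lookalike host;
# client 10.0.0.9 clicks an ad that leads to the real vendor; 10.0.0.7 never clicked an ad.
SAMPLE_LOG = """\
2023-01-10T10:00:01Z 10.0.0.5 302 https://www.googleadservices.com/pagead/aclk?sa=L&ai=abc -
2023-01-10T10:00:02Z 10.0.0.5 302 https://cooking-tips.example/go?id=77 https://www.googleadservices.com/pagead/aclk?sa=L&ai=abc
2023-01-10T10:00:03Z 10.0.0.5 200 https://grammarly-free-download.example/ https://cooking-tips.example/go?id=77
2023-01-10T10:00:09Z 10.0.0.5 200 https://grammarly-free-download.example/GrammarlySetup.exe https://grammarly-free-download.example/
2023-01-10T10:05:00Z 10.0.0.9 302 https://www.googleadservices.com/pagead/aclk?sa=L&ai=def -
2023-01-10T10:05:01Z 10.0.0.9 200 https://www.malwarebytes.com/ https://www.googleadservices.com/pagead/aclk?sa=L&ai=def
2023-01-10T10:05:08Z 10.0.0.9 200 https://www.malwarebytes.com/MBSetup.exe https://www.malwarebytes.com/
2023-01-10T11:00:00Z 10.0.0.7 200 https://download.msi.example/Afterburner.exe -
"""

# Hosts that an ad click passes through (assumed list; extend from your own traffic).
AD_CLICK_HOSTS = {"www.googleadservices.com", "googleads.g.doubleclick.net"}
INSTALLER_EXT = (".exe", ".msi", ".zip", ".dmg")
# Brand token found in a hostname -> the vendor domain that legitimately serves it (assumed allowlist).
BRANDS = {
    "grammarly": "grammarly.com",
    "malwarebytes": "malwarebytes.com",
    "afterburner": "msi.com",
    "msi": "msi.com",
}


def parse_log(text):
    """Parse whitespace-separated log lines into (ts, client, status, url, referer) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, status, url, referer = line.split()
        entries.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, int(status), url, referer))
    return entries


def brand_token(host):
    """Return the first brand name appearing as a whole label/token in the hostname, else None."""
    for tok in re.split(r"[^a-z0-9]+", host.lower()):
        if tok in BRANDS:
            return tok
    return None


def is_vendor_host(host, vendor):
    """True only if host is the vendor domain or a proper subdomain of it (not vendor.com.evil.example)."""
    host = host.lower()
    return host == vendor or host.endswith("." + vendor)


def find_lookalike_downloads(log_text, window_s=300):
    """Flag ad clicks followed, within window_s, by an installer download from a brand-lookalike host."""
    by_client = defaultdict(list)
    for entry in parse_log(log_text):
        by_client[entry[1]].append(entry)

    findings = []
    for client, entries in by_client.items():
        entries.sort()
        for i, (ts, _, _, url, _) in enumerate(entries):
            if urlparse(url).hostname not in AD_CLICK_HOSTS:
                continue
            # Walk forward from the ad click looking for an installer fetch from a lookalike host.
            for ts2, _, _, url2, _ in entries[i + 1:]:
                if (ts2 - ts).total_seconds() > window_s:
                    break
                parsed = urlparse(url2)
                if not parsed.path.lower().endswith(INSTALLER_EXT):
                    continue
                tok = brand_token(parsed.hostname or "")
                if tok and not is_vendor_host(parsed.hostname, BRANDS[tok]):
                    # Reconstruct the hop chain (deduplicating consecutive hosts) for the analyst.
                    hops = []
                    for e in entries[i:]:
                        if e[0] > ts2:
                            break
                        h = urlparse(e[3]).hostname
                        if not hops or hops[-1] != h:
                            hops.append(h)
                    findings.append({"client": client, "ad_click": url, "download": url2,
                                     "brand": tok, "expected_vendor": BRANDS[tok], "hops": hops})
                    break
    return findings


if __name__ == "__main__":
    for f in find_lookalike_downloads(SAMPLE_LOG):
        print(f"{f['client']}: {f['brand']} installer from non-vendor host via {' -> '.join(f['hops'])}")
```

The decoy hop is what makes the chain suspicious rather than the lookalike host alone: the rule only fires when the installer fetch is tied back to an ad click, so a user who typed the vendor URL directly is not flagged. The brand tokens and the 300-second window are tuning knobs; widen the allowlist with any CDN hostnames the real vendor uses, or the rule will flag legitimate downloads.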