Google Advertising Out to Lunch? Simple Pivots Catch an Ongoing Malvertising Campaign Hiding in Plain Sight
(www.silentpush.com)
from Joker@sh.itjust.works to cybersecurity@infosec.pub on 13 Dec 22:39
https://sh.itjust.works/post/29450849
Key Findings
> - Silent Push Threat Analysts have caught a threat actor’s ongoing series of malvertising campaigns blatantly abusing Google Search ads to target graphic design professionals.
> - We documented at least 10 malvertising campaigns hosted exclusively on two IP addresses: 185.11.61[.]243 and 185.147.124[.]110.
> - Together with our research partners, we found that the sites from the two IP addresses were being launched in Google Search advertising campaigns, and all of them led to malicious downloads.
Wow, somebody is hunting mechanical engineers - hopefully none doing significant work get duped.
I’d be curious if the malicious downloads are basic viruses, or are something specialized to exfiltrate CAD drawings, or something even more complex to subtly alter designs and cause harm.