Malicious Google Ads campaign discovered advertising fake IP scanners that just want to steal your data
Security researchers have discovered a new malicious advertising campaign in Google Ads, where hackers impersonate multiple legitimate software companies.
While certainly not the first of its kind, this campaign was said to be unique for spreading an advanced Windows backdoor.
The campaign was first noticed by cybersecurity researchers at Zscaler ThreatLabz, who noted that unidentified threat actors registered at least 45 domains between November 2023 and March 2024. They were all typosquatted versions of port scanning and IT management software such as Advanced IP Scanner, Angry IP Scanner, IP Scanner PRTG and ManageEngine.
New malware
Then they somehow managed to create an advertising campaign on Google Ads to promote these sites. Typically, hackers would do this by gaining access to a legitimate Google Ads account, possibly one with a proven track record of “clean” ads.
As a result, anyone searching for this type of software on Google would see these ads at the top of the search engine results page, as well as in other locations reserved for ads. Those who would open the site and download the programs offered there would eventually get the MadMxShell backdoor.
This backdoor, The Hacker News reports, is a brand-new piece of malware. The infection chain is relatively long and involves multiple DLL and EXE files.
“The backdoor uses techniques such as multiple stages of DLL side-loading and DNS tunneling for command-and-control (C2) communications as a means to bypass endpoint and network security solutions, respectively,” the researchers explain.
“Additionally, the backdoor uses evasive techniques such as anti-dumping to prevent memory analysis and hinder forensic security solutions.”
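As an added illustration of the defensive side of the DNS-tunneling C2 technique quoted above (example code written for this page, not Zscaler's or the article's): a Python heuristic that groups resolver queries by registered domain and flags tunneling-like patterns. The sample log lines, the c2-placeholder.test domain and the score thresholds are constructed assumptions.

```python
# Added example (not from the article or Zscaler): heuristic DNS-tunneling
# detector over constructed resolver log lines; thresholds are assumptions.
import math
import re
from collections import defaultdict
# Constructed sample log lines: "<time> <client> <qtype> <qname>".
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com
10:00:02 10.0.0.5 A cdn.example.com
10:00:03 10.0.0.7 TXT 4a7f2c9e1b3d5f60.h3k9x2.c2-placeholder.test
10:00:04 10.0.0.7 TXT 9d1e4b2a7c8f0e31.h3k9x2.c2-placeholder.test
10:00:05 10.0.0.7 TXT 0b3c5d7e9f1a2c4e.h3k9x2.c2-placeholder.test
10:00:06 10.0.0.7 TXT 6e8f0a1b3c5d7e9f.h3k9x2.c2-placeholder.test
10:00:07 10.0.0.5 A mail.example.com
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payload labels score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())
def registered_domain(qname: str) -> str:
    """Naive eTLD+1: last two labels (assumption; real code would use a PSL)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])
def score_domains(log_text: str, min_queries: int = 3):
    """Group queries by registered domain and flag tunneling-like traffic:
    many distinct subdomains, long high-entropy leftmost labels, TXT-heavy."""
    per_domain = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the pass
        _, _, qtype, qname = m.groups()
        per_domain[registered_domain(qname)].append((qtype, qname))
    findings = {}
    for domain, qs in per_domain.items():
        if len(qs) < min_queries:
            continue  # too few queries to judge
        first_labels = [q.split(".")[0] for _, q in qs]
        uniq_ratio = len(set(first_labels)) / len(qs)
        avg_len = sum(map(len, first_labels)) / len(qs)
        avg_ent = sum(map(shannon_entropy, first_labels)) / len(qs)
        txt_ratio = sum(t == "TXT" for t, _ in qs) / len(qs)
        suspicious = uniq_ratio > 0.8 and avg_len >= 12 and avg_ent >= 3.0 and txt_ratio >= 0.5
        findings[domain] = {"queries": len(qs), "unique_ratio": round(uniq_ratio, 2),
                            "avg_label_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2),
                            "suspicious": suspicious}
    return findings
```

Tune the thresholds against your own resolver baseline; CDNs and some telemetry services legitimately produce many unique subdomains, so treat a hit as a triage lead rather than a verdict.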
So far, investigators don’t know who the attackers are, or what their motives for the campaign might be. A backdoor has countless applications, from data theft and spying to unauthorized access, establishing persistence and even full remote control.