Malicious Google Ads are becoming a popular infection vector for malware. Because of this, it is highly recommended to use an ad blocker when performing Google searches, particularly when searching for popular applications like Chrome or Telegram. This reduces the chance of a user clicking through to a malicious advertised site instead of the software's legitimate site. Likewise, always double-check the URL of a website for typos or extra characters before downloading software; this helps catch a mistyped URL or a lookalike domain that an attacker has placed above the legitimate result through a paid ad. It is also recommended to install and maintain security software on all devices in the environment to help prevent or detect malware infections.

When prevention of the malicious installation fails, detection can alert an organization to a potential infection. The infection chain of this campaign uses a number of techniques that are suspicious under normal usage: programs executing from the ProgramData folder, unauthorized connections to Alibaba Cloud, an unknown process creating multiple scheduled tasks, and abnormal processes executing system commands. None of these is conclusive on its own (some legitimate software runs from ProgramData, and an organization may itself use Alibaba Cloud), so baseline each against what is normal in your environment and treat several of them appearing together in the same process tree as a strong signal. Binary Defense's Managed Detection and Response service is an excellent asset to assist with these types of detection needs.
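As an added illustration of how the four behaviours above can be turned into detection logic (this is example code written for this page, not Binary Defense's own rules or the campaign's real indicators), the block below applies four rules to a constructed set of Sysmon-style process-creation (ID 1) and network-connection (ID 3) events. The event shape, the process names, the Alibaba Cloud host suffixes, the recon-command list, and the "interactive parent" list are all assumptions; tune them to your own telemetry and environment.

```python
import ntpath
from collections import Counter

# Hypothetical allowlist of Alibaba Cloud hosts the organisation legitimately uses;
# a connection to any other Alibaba Cloud host is treated as unauthorized.
ALLOWED_CLOUD_HOSTS = set()
ALIBABA_SUFFIXES = (".aliyuncs.com", ".alibabacloud.com")          # assumed suffixes
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
RECON_CMDS = {"whoami", "systeminfo", "tasklist", "ipconfig", "net", "nltest"}
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe"}       # assumed normal shell parents


def _base(path):
    return ntpath.basename(path).lower()


def rule_programdata_exec(ev):
    """Process creation (ID 1) whose image lives under C:\\ProgramData."""
    if ev["id"] == 1 and ev["image"].lower().startswith("c:\\programdata\\"):
        return ("exec_from_programdata", ev["pid"], ev["image"])
    return None


def rule_alibaba_connection(ev, allowed=ALLOWED_CLOUD_HOSTS):
    """Network connection (ID 3) to an Alibaba Cloud host that is not on the allowlist."""
    if ev["id"] != 3:
        return None
    host = ev["dest_host"].lower()
    if host.endswith(ALIBABA_SUFFIXES) and host not in allowed:
        return ("alibaba_cloud_connection", ev["pid"], host)
    return None


def rule_abnormal_system_commands(ev):
    """A shell running a recon command, spawned by something other than an interactive parent."""
    if ev["id"] != 1 or _base(ev["image"]) not in SHELLS:
        return None
    if _base(ev["parent"]) in INTERACTIVE_PARENTS:
        return None  # a user typing 'whoami' at a prompt is not what we want to flag
    tokens = ev["cmdline"].lower().split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("/c", "-c", "-command") and tokens[i + 1] in RECON_CMDS:
            return ("abnormal_system_commands", ev["pid"], ev["cmdline"])
    return None


def rule_multiple_scheduled_tasks(events, threshold=3):
    """One parent process spawning 'schtasks /create' at least `threshold` times."""
    creates = Counter(
        ev["parent_pid"] for ev in events
        if ev["id"] == 1 and _base(ev["image"]) == "schtasks.exe"
        and "/create" in ev["cmdline"].lower()
    )
    return [("multiple_scheduled_tasks", ppid, n) for ppid, n in creates.items() if n >= threshold]


def run_detections(events):
    """Apply the per-event rules, then the aggregate rule; return the list of alerts."""
    alerts = []
    for ev in events:
        for rule in (rule_programdata_exec, rule_alibaba_connection, rule_abnormal_system_commands):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    alerts.extend(rule_multiple_scheduled_tasks(events))
    return alerts


# --- constructed sample telemetry (hypothetical paths, PIDs and hosts) ---
def proc(pid, ppid, image, parent, cmdline):
    return {"id": 1, "pid": pid, "parent_pid": ppid, "image": image, "parent": parent, "cmdline": cmdline}


def conn(pid, image, host):
    return {"id": 3, "pid": pid, "image": image, "dest_host": host}


DL = r"C:\Users\alice\Downloads\Telegram-Setup.exe"
UPD = r"C:\ProgramData\UpdSvc\upd.exe"
SCHTASKS = r"C:\Windows\System32\schtasks.exe"
CMD = r"C:\Windows\System32\cmd.exe"
EXPLORER = r"C:\Windows\explorer.exe"

SAMPLE_EVENTS = [
    proc(4100, 3900, DL, EXPLORER, "Telegram-Setup.exe"),                      # fake installer launched
    proc(4210, 4100, UPD, DL, "upd.exe --install"),                           # payload dropped to ProgramData
    proc(4301, 4210, SCHTASKS, UPD, r'schtasks.exe /create /tn Upd1 /tr "C:\ProgramData\UpdSvc\upd.exe" /sc minute'),
    proc(4302, 4210, SCHTASKS, UPD, r'schtasks.exe /create /tn Upd2 /tr "C:\ProgramData\UpdSvc\upd.exe" /sc onlogon'),
    proc(4303, 4210, SCHTASKS, UPD, r'schtasks.exe /create /tn Upd3 /tr "C:\ProgramData\UpdSvc\upd.exe" /sc hourly'),
    proc(4400, 4210, CMD, UPD, "cmd.exe /c whoami"),                          # recon from the implant
    conn(4210, UPD, "oss-cn-hongkong.aliyuncs.com"),                          # C2/staging on Alibaba Cloud
    proc(5000, 3900, r"C:\Program Files\Google\Chrome\Application\chrome.exe", EXPLORER, "chrome.exe"),
    conn(5000, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "www.google.com"),
    proc(5100, 3900, CMD, EXPLORER, "cmd.exe /c whoami"),                     # benign: user at a prompt
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Each rule alone would be noisy in a real estate; the point of `run_detections` is that the same process tree (PID 4210 and its children) trips all four, which is the correlation a SOC analyst would escalate on. Feed the rules from your EDR or Sysmon pipeline rather than the constructed list, and maintain the allowlists as data, not code.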
https://thehackernews.com/2023/02/hackers-using-google-ads-to-spread.html
https://www.welivesecurity.com/2023/02/16/these-arent-apps-youre-looking-for-fake-installers/

