FortiGuard Labs is aware of a report that the IcedID threat actor has started abusing Google pay-per-click (PPC) advertising to distribute malware. Malicious ads displayed above search results lead to fake Web sites that mimic those of legitimate services. The fake Web sites offer a download link to malicious installers that install IcedID on victims' machines.

Why is this Significant?

This is significant because Google runs the largest search engine, and ads in its search results are seen by billions of people every day. The IcedID threat actor reportedly started to abuse Google search, which gives them a prominent platform for malware distribution. The threat actor also created fake Web sites that mimic those of legitimate and popular services and applications in order to trick users into downloading and running malicious installers.

How Does the Attack Work?

When a search is made on Google, ads from the threat actor are displayed above the actual search results. Clicking a malicious ad redirects the user to a Web site that mimics the Web site of a legitimate and popular service or application. The fake Web site has a link to download a malicious installer that installs IcedID on the victim's machine.

What else?

On December 21st, 2022, the Federal Bureau of Investigation (FBI) released an advisory warning that cyber criminals are leveraging search engine advertisement services for malicious purposes. The advisory specifically calls out threat actors creating fake crypto exchange platforms to which users are lured from ads in search results. The fake crypto exchange Web sites are designed to trick users into entering their login credentials.

What is the Status of Protection?

FortiGuard Labs detects IcedID and the relevant samples in the report with the following AV signature:

W64/IcedId.F!tr

IcedID Command-and-Control servers and fake Web sites that distribute IcedID malware are blocked by Web filtering.
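The attack chain above ends with an installer downloaded from a Web site whose name imitates a legitimate service, which is something a defender can hunt for in proxy logs even before a signature or Web-filter block exists. The script below is an added example and is not FortiGuard's tooling or code from the report: it parses constructed Squid-style proxy log lines, flags hostnames that embed a known brand label or sit within a small edit distance of it, and reports only those where the request fetched an installer. The log format, the brand allowlist (examplesoft.com, goodapp.org) and all hostnames are constructed for the example, and the registered-domain logic is deliberately naive (last two labels only).

```python
"""Hunt proxy logs for installer downloads from lookalike domains.

Added example, not FortiGuard's tooling. The log layout, the brand allowlist
and the distance threshold are assumptions; adapt them to your own proxy and
to the services your users actually download from.
"""
import re
from urllib.parse import urlsplit

# Constructed sample log lines: "<timestamp> <client> <status> <url>"
SAMPLE_LOG = """\
1671640001.123 10.0.0.12 TCP_MISS/200 https://www.examplesoft.com/download/
1671640002.456 10.0.0.12 TCP_MISS/200 https://examplesoft-download.example/ExampleSoft_Setup.exe
1671640003.789 10.0.0.31 TCP_MISS/200 https://downloads.goodapp.org/GoodAppInstaller.exe
1671640004.012 10.0.0.31 TCP_MISS/200 https://go0dapp.org/GoodAppInstaller.msi
1671640005.345 10.0.0.44 TCP_MISS/200 https://cdn.example/assets/logo.png
1671640006.678 10.0.0.44 TCP_MISS/200 https://examplesoft.net/pricing.html
"""

# Constructed allowlist of the genuine domains for the services we care about.
LEGIT_DOMAINS = {"examplesoft.com", "goodapp.org"}
INSTALLER_EXT = (".exe", ".msi", ".zip", ".dmg", ".pkg")
MAX_DISTANCE = 2  # assumed threshold; tune against your own false-positive rate

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+(?P<url>\S+)$")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small enough here that a plain DP row is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Naive registrable domain: last two labels (ignores multi-label public suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(host: str, legit=LEGIT_DOMAINS):
    """Return the legitimate domain that `host` imitates, or None if it is genuine or unrelated."""
    reg = registered_domain(host)
    if reg in legit:
        return None  # genuine domain or one of its subdomains
    label = reg.split(".")[0]
    for good in sorted(legit):
        good_label = good.split(".")[0]
        # Brand label embedded (examplesoft-download), near-miss spelling (go0dapp),
        # or the same label under another TLD (examplesoft.net) all count.
        if good_label in label or levenshtein(label, good_label) <= MAX_DISTANCE:
            return good
    return None


def parse_line(line: str):
    """Split one constructed log line into fields plus the URL's host and path."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["host"] = parts.hostname or ""
    rec["path"] = parts.path
    return rec


def is_installer(path: str) -> bool:
    return path.lower().endswith(INSTALLER_EXT)


def hunt(log_text: str, legit=LEGIT_DOMAINS):
    """Return (client, host, url, impersonated_domain) for installer fetches from lookalike hosts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        target = lookalike_of(rec["host"], legit)
        if target and is_installer(rec["path"]):
            hits.append((rec["client"], rec["host"], rec["url"], target))
    return hits


if __name__ == "__main__":
    for client, host, url, target in hunt(SAMPLE_LOG):
        print(f"{client} fetched an installer from {host} (imitates {target}): {url}")
```

Run against the constructed log it reports two hits: the `.exe` from `examplesoft-download.example` and the `.msi` from `go0dapp.org`. The `examplesoft.net` request is a lookalike but is not reported because no installer was fetched; in practice you would probably want a lower-severity alert for that visit too, since it is the page the user sees before the download.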