Researchers made an effort to warn users last year not to click on Google Ads in search results, but it appears those warnings went unheeded, as hackers continue to use malicious ads to infect unsuspecting users with malware.
Malvertising, or malicious advertising, has grown in popularity among cybercriminals as phishing attacks and malicious apps have become less effective. Instead, hackers are now purchasing advertising space on Google Search and other search engines in order to trick users into installing malware.
One way they do this is by imitating well-known brands. So far, we've seen hackers pose as Amazon, USPS, CCleaner, Notepad++, and other prominent brands. According to a report from the email security firm Vade, Facebook and Microsoft continue to be the most impersonated brands since 2020.
Unsuspecting PC users who click on an advertisement in this new campaign are led to a fake download portal that looks authentic to the unwary eye. Instead of CPU-Z, though, the website offers a digitally signed MSIX installer that includes a malicious PowerShell script for the FakeBat loader.
Malware loaders, as their name implies, are similar to malware droppers on your smartphone in that they are used to infect your computer with malicious software. This loader downloads and installs the Redline stealer onto a targeted PC. The personal information of a victim can be acquired through this malware via the theft of credit card numbers, VPN passwords, saved passwords, system data, cryptocurrency wallets, browser histories, and cookies.
Another intriguing aspect of this campaign is that not every user who clicks on these malicious CPU-Z advertisements is redirected to a fake download page. Those who aren't being targeted are instead directed to what looks to be a typical blog with several articles on it.
