This dangerous malvertising campaign mimics popular software to steal victim info


Cybersecurity researchers from HP Wolf Security have warned of several active campaigns looking to deliver different types of malware to unsuspecting victims via typosquatted domains and malvertising. 

The team explained in a blog post how they found threat actors creating multiple typosquatted websites impersonating popular software such as Audacity, Blender, or GIMP. 

The scammers also paid different ad networks to run ads, promoting these fake websites. That way, when people search for these programs, search engines might end up serving malicious versions of the websites right next to legitimate ones. If a user isn’t careful and does not double-check the URL of the website they’re visiting, they might end up in the wrong place.


Fake installers

If victims do end up in the wrong place, they’ll hardly notice the difference. The websites are designed to look almost identical to the authentic ones, down to the tiniest detail. In Audacity’s example, the site hosts a malicious .exe file masquerading as the program’s installer. It is named “audacity-win-x64.exe” and is more than 300MB in size. 

By making the file this big, the attackers try to avoid raising suspicion (malware is usually measured in KB) and to evade antivirus programs. According to the researchers, some antivirus programs’ automatic scanning features don’t scan extremely large files.

The files are hosted on the 4sync.com cloud storage service, the researchers said, adding that all the fake installers in this campaign have been hosted there, hinting that a good defense mechanism might be to block access to this service entirely.
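
A triage check over web-proxy download records that combines the three traits the researchers describe: an installer named after a popular program, 4sync.com hosting, and a file too large for automatic scanning. This is an added example, not code from HP Wolf Security or this article; the expected download hosts, the 100 MB scan cap, the function names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Assumption: hosts you expect each installer to come from (tune per site).
EXPECTED_HOSTS = {
    "audacity": {"audacityteam.org", "github.com"},
    "blender": {"blender.org"},
    "gimp": {"gimp.org"},
}
FLAGGED_HOSTS = {"4sync.com"}           # storage service named in the article
AV_SCAN_CAP = 100 * 1024 * 1024         # assumption: AV auto-scan size limit

def host_in(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def review_download(url, size_bytes):
    """Return the reasons a proxy download record deserves a closer look."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    reasons = []
    if host_in(host, FLAGGED_HOSTS):
        reasons.append("hosted-on-4sync")
    if filename.endswith((".exe", ".msi")):
        for product, domains in EXPECTED_HOSTS.items():
            if product in filename and not host_in(host, domains):
                reasons.append(product + "-installer-from-unexpected-host")
        if size_bytes > AV_SCAN_CAP:
            reasons.append("larger-than-av-scan-cap")
    return reasons

def triage(records):
    """Keep only the records that triggered at least one reason."""
    return [(u, r) for u, s in records if (r := review_download(u, s))]

# Constructed sample records (url, response bytes); not real indicators.
SAMPLE = [
    ("https://dc000.4sync.com/download/EXAMPLE/audacity-win-x64.exe", 320_000_000),
    ("https://download.blender.org/release/blender-windows-x64.msi", 5_000_000),
    ("https://files.example.net/gimp-setup.exe", 4_000_000),
    ("https://www.gimp.org/docs/manual.pdf", 900_000),
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE):
        print(url, reasons)
```

The size reason on its own is only informational, since genuine installers can also exceed the cap; it matters most when it coincides with one of the other two.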

Different types of malware are distributed in the campaign. The largest campaigns the researchers have seen used this delivery approach to deploy the IcedID trojan, but the Vidar infostealer, BatLoader, and Rhadamanthys Stealer have all been observed. According to HP Wolf Security, there’s been an uptick in these campaigns since November last year.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
