Hackers are increasingly using ad tools and marketing gimmicks to sell their work


Hackers are increasingly using ad tools and marketing gimmicks to try and stand out from the crowd, new research from HP Wolf Security has claimed.

In the marketing and advertising world, user interaction is one of the key performance indicators, and professionals use different tools to see which ads people click on more and which ads they ignore, allowing them to optimize their messages and campaigns for maximum impact.

Now, according to HP Wolf Security’s latest Threat Insights Report, hackers are doing something similar. Observing the DarkGate campaign, the researchers saw threat actors using malicious PDF attachments, posing as OneDrive error messages, which direct users to sponsored content hosted on popular ad networks.

Delivering DarkGate

The end goal of this campaign is to deliver DarkGate, a piece of malware first spotted in 2018 that now comes with a wide variety of tools. Generally speaking, DarkGate is a loader, allowing threat actors to deploy more dangerous malware in later stages of the compromise. However, some researchers pointed out that DarkGate is also capable of stealing credentials from the target endpoints and granting remote access.

By using ad services, the researchers further explain, threat actors can also analyze which of their lures generate the most interest among their targets, helping them hone their campaigns and improve their efficiency.

They’re also using CAPTCHA tools, preventing sandboxes from scanning their malware and making sure only actual humans click.

Elsewhere in the report, HP Wolf Security says the trend of moving away from macro-enabled Office attacks is still ongoing. However, this type of attack still has its place, “particularly for attacks leveraging cheap commodity malware like Agent Tesla and XWorm”.

Finally, PDF malware is on the rise, with 11% of malware analyzed in Q4 2023 using PDFs to deliver the payload, up from just 4% in Q1 and Q2 of the same year. A notable example, the researchers said, was a WikiLoader campaign using a fake parcel delivery PDF to trick users into installing Ursnif malware.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
