A threat actor spreads #DanaBot using Google #malvertising via websites impersonating the Advanced IP scanner download page.

It has probably been targeting IT admins (valuable hosts) for several months.

Distribution infra of 40+ domain names:
advancd-ip-scanner.]com

⬇️

Me watching attackers pawn everybody through malvertising lures towards IT staff, meanwhile all our users have uBlock Origin forced in Edge, Chrome, and Firefox.

Malvertising injects malicious code into legit ads, exploiting ad network & browser vulnerabilities. When users interact, it redirects to malicious sites or downloads malware. Keep software updated & use ad-blockers! 🚫🖥️ #Malvertising #BrowserSecurity

X #Malvertising #FakeWallet
A malicious ad appears on my timeline🤣
im-token[.]us -> hxxps://im-token[.]us/down/imtoken.apk -> 738d0e0def50ddf40df81ed4ed2faf50e8a8db196360826e39e69de8981ed8aa
Collect and send mnemonic to remote server
C2: api.bvip[.]dev
MalwareHunterTeam

The latest update for #KnowBe4 includes 'Top Tax Scams of 2024 Your Organization Should Watch Out For' and 'Malvertising Campaigns Surged in 2023'.

#Cybersecurity #RiskManagement opsmtrs.com/3ZJvoEF

A threat actor distributes the #Sliver C2 framework via websites impersonating Advanced IP scanner / WinSCP / Putty, likely using malvertising.

Distribution website:
hxxps://advanced-ip-scann.]org/av/download.php

Sliver C2:
94.156.65.]115:8443

⬇️

Malvertising Campaigns Surged in 2023 dlvr.it/T5MfS7 ProtectTheClick!

✔️The attack chains use scripts loaded from the threat actor-controlled server ('jscdnpack[.]com'). This specifically targets a page structure that is common to several banks.

✔️The malware is delivered to targets by some other means like phishing emails or malvertising.

Microsoft has detected Danabot (Storm-1044) infections leading to hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of Cactus ransomware. In this campaign, Danabot is distributed via malvertising.

What are these? Developed in Delphi🤔

joesandbox.com/analysis/14046…

(now offline)
https[:]//traclom1[.]buzz/uptodate/data[.]zip
https[:]//www.checkthedifference[.]online/updates/info[.]zip

Perhaps related to some malvertising activities?

RussianPanda 🐼 🇺🇦 Yogesh Londhe crep1x

I think I speak for all corporate enterprises here. We want to see advertisements in the start menu. Malvertising is not a concern for any of us. 🤦‍♂️

#Hackers exploit Facebook ads & hijacked pages to push fake AI services like MidJourney, OpenAI's SORA & #ChatGpt -5, and DALL-E. They're spreading password-stealing malware. Malvertising schemes impersonate popular AI platforms, offering sneak peeks of fake features.

Microsoft warns of Cactus ransomware actors using malvertising to infect victims therecord.media/cactus-ransomw… The Record From Recorded Future News & jon greig

A Facebook page with 1.2 million followers claiming to offer free access to Midjourney AI got caught for pushing malware and infostealers.
|
bitdefender.com/blog/labs/ai-m…
|
#InfoSec #CyberSecurity #Malvertising #SocialMedia #Facebook #GenerativeAI #InfoStealers #MidjourneyAI

🚨Hackers deploy crypto drainers on 2,000 Wordpress websites 🚨

As originally reported last month by security firm Sucuri, a large amount of Wordpress websites was originally hacked in order to promote crypto drainers through malvertising and YouTube videos.

However, now the…

Malware analysts can leverage #SquareX 's Disposable Browser to analyze malvertising campaigns with safety.

Investigate suspicious ads on risky websites without risking your own system so you can strengthen #cybersecurity defences against malvertising: sqrx.io/651eg

I'm gonna be pessimistic but honest with you: I don't see any particular reason to believe that SEO hijacking and malvertising aren't just going to continue to get more and more popular in terms of the ways that malware gets on Windows machines in the months and years ahead.

'New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers'

#infosec #pentest #redteam
thehackernews.com/2023/11/new-ma…

Fake NordVPN ads in search results lead to remote access trojan SecTopRAT #malvertising
#adblock
malwarebytes.com/blog/threat-in…

Some names in cyber security are frankly awful, but round of applause for whoever came up with malvertising