Malware News Google ads push malicious CPU-Z app from fake Windows news site

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,232
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.

The new campaign was spotted by Malwarebytes analysts who, based on the backing infrastructure, asses that it is part of the same operation that used Notepad++ malvertising to deliver malicious payloads.

The malicious Google advertisement for the trojanized CPU-Z, a tool that profiles computer hardware on Windows, is hosted on a cloned copy of the legitimate Windows news site WindowsReport.

CPU-Z is a popular free utility that can help users monitor different hardware components, from fan speeds, to CPU clock rates, voltage, and cache details.

Clicking the ad takes the victim through a redirect step that tricks Google’s anti-abuse crawlers by sending invalid visitors to an innocuous site.

Those deemed valid to receive the payload are redirected to a Windows news site lookalike hosted on one of the following domains:
  • argenferia[.]com
  • realvnc[.]pro
  • corporatecomf[.]online
  • cilrix-corp[.]pro
  • thecoopmodel[.]com
  • winscp-apps[.]online
  • wireshark-app[.]online
  • cilrix-corporate[.]online
  • workspace-app[.]online
To minimize the chances of malware infections when looking for specific software tools, users should pay attention when clicking on promoted results in Google Search and check the if the loaded site and the domain match, or use an ad-blocker that hides them automatically.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top