Mars Stealer malware pushed via OpenOffice ads on Google

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Content source
https://www.bleepingcomputer.com/news/security/mars-stealer-malware-pushed-via-openoffice-ads-on-google/
" A new Mars Stealer campaign uncovered by Morphisec is using Google Ads advertising to rank cloned OpenOffice sites high on Canadian search results. "
Poisoning Google Search results with malicious ads

Poisoning Google Search results with malicious ads (Morphisec)
Click to expand...
OpenOffice is a once-popular open-source office suite now belonging to the Apache foundation and has been surpassed by LibreOffice, which started as its fork back in 2010.
However, OpenOffice still enjoys a respectable number of daily downloads from people who seek a free document and spreadsheet editor. Possibly, the threat actors didn’t clone the much more popular LibreOffice because that would result in a quick take-down due to numerous reports.

The OpenOffice installer on the phony site is, in reality, a Mars Stealer executable packed with the Babadeda crypter or the Autoit loader, so the victims are unknowingly infecting themselves.
Due to an error in the configuration instructions of the cracked version, the operator has exposed the victims’ 'logs' directory, giving full access to any visitor.
A log is a zip file containing data stolen by an information-stealing Trojan and uploaded to threat actors' command and control servers.
Click to expand...
www.bleepingcomputer.com

Mars Stealer malware pushed via OpenOffice ads on Google

A newly launched information-stealing malware variant called Mars Stealer is rising in popularity, and threat analysts are now spotting the first notable large-scale campaigns employing it.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
Reactions: Venustus, Kongo, Gandalf_The_Grey and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
1648645738716.png

Unfortunately, Google Ads advertising can be used to locate a website with malicious downloads, very high in Google search. So, it is risky to open such websites.
 
Last edited by a moderator:
  • Like
Reactions: Venustus, Kongo, silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Malware News Over 200 malicious apps on Google Play downloaded millions of times
Replies
1
Views
1,230
Security News
Digmor Crusher
Digmor Crusher
nicolaasjan
    • Like
Malicious Notepad++ Google ads evade detection for months
Replies
0
Views
1,046
News Archive
nicolaasjan
nicolaasjan
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
FBI warns of search engine ads pushing malware, phishing
Replies
1
Views
856
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top