New LOBSHOT malware gives hackers hidden VNC access to Windows devices

[CyberTech]

Content source

https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/

A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.

Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results.

These advertising campaigns impersonated websites for 7-ZIP, VLC, OBS, Notepad++, CCleaner, TradingView, Rufus, and many more applications.

However, these sites pushed malware instead of distributing legitimate applications, including Gozi, RedLine, Vidar, Cobalt Strike, SectoRAT, and the Royal Ransomware.

Full article

New LOBSHOT malware gives hackers hidden VNC access to Windows devices

A new malware known as 'LOBSHOT' distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.

www.bleepingcomputer.com

 

[Andy Ful]

Interesting:

Once executed, the malware will check if Microsoft Defender is running, and if detected, terminate execution to prevent detection.

However, if Defender is not detected, the malware will configure Registry entries to start automatically when logging in to Windows and then transmit system information from the infected device, including running processes.

The infection chain:
Google Ads ----> weaponized MSI installer ----> PowerShell -----> run DLL malware
is pretty common nowadays. This attack vector avoids using EXE files which are better detected by AVs.