Items tagged with: malvertising
There is a live Google search #malvertising campaign targeting #KeePass users. The malicious domain name uses Punycode to trick victims.
Clever malvertising attack uses Punycode to look like KeePass's official website
Threat actors are doubling down on brand impersonation by using lookalike domain names. (Author: jeromesegura, Malwarebytes)
Sophos has observed malicious advertisements targeting ChatGPT users ⚠️
1️⃣ Google search for "chat gpt"
2️⃣ Google Ad Click Redirect to fake ChatGPT website 🎣 "eicnhdcb[.]online"
3️⃣ File download via transher[.]sh
➡️ ChatGPT.zip\chatgpt.exe
#IOCs: https://www.virustotal.com/gui/file/db0270b977bf68fb8ce2e161bae88c7dd4ed82866b3bbc3d6c8a713edc69db53/relations
#InfoStealer C2: 45.93.201.114
🔗 https://urlscan.io/result/f7bcab56-71c6-45ac-930a-adb057467920
#CTI #ThreatIntel #malvertising
The #malvertising campaigns via Google Ads are not just about software downloads and scams. They also include phishing for popular password managers such as 1Password.
The differences are so subtle, most people will fall for it.
Real URL:
https://my[.]1password.com/signin
Phishing URL:
https://my1pasword[.]com/signin