Chinese consumers attempting to access banned communication apps such as Telegram are being targeted by attackers trying to deliver a variety of malware.
That's according to a new report from Malwarebytes' Jérôme Segura, who discovered that anonymous hackers are using two Google Ads accounts to publish malicious ads.
Both accounts are from Nigeria and were either previously compromised or built from scratch for this specific use.
These accounts were used to create ads pointing to pages masquerading as download sites for Telegram, WhatsApp, LINE, and other communication apps that are prohibited behind the Great Firewall. Consumers who search for these apps online are targeted and shown these ads. Those who fall into the trap and download the app receive variants of the PlugX and Gh0st RAT malware.
“Threat actors also appear to be emphasizing quantity over quality by continually pushing new payloads and infrastructure as a command and control function,” Segura said in the report.
The campaign appears to be a continuation of a campaign called “FakeAPP” that targeted users in Hong Kong in a similar manner in late October last year.
Malicious advertising is nothing new. Hackers constantly target Google Ads accounts, as well as Facebook Business accounts used to advertise on the Facebook platform. Because all ads go through multiple checks before being allowed to run, using a verified account that has already run a legitimate campaign in the past increases the chances that threat actors can smuggle in their own campaigns.
As always, the best way to fight back is to create strong passwords for such accounts and update them regularly. Enabling MFA can also be helpful. On the consumer side, it's best to use common sense and be skeptical of anything that sounds too good to be true. Consumers should also be aware of the URLs of websites they visit, type addresses instead of searching whenever possible, and stay away from hacked, cracked, and jailbroken software.
From Hacker News