Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
Apr 18, 2024
Malvertising / Endpoint Security
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell . "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites," Zscaler ThreatLabz researchers Roy Tay and Sudeep Singh said . As many as 45 domains are said to have been registered between November 2023 and March 2024, with the sites masquerading as port scanning and IT management software such as Advanced IP Scanner, Angry IP Scanner, IP scanner PRTG, and ManageEngine. While this is not the first time threat actors are banking on malvertising techniques to serve malware via lookalike sites, the development marks the first time the delivery vehicle is being used to propagate a ...
