It has been reported that researchers have tracked down the origins of several increasingly prevalent info-stealers – including Redline, Taurus, Tesla and Amadey – that threat actors are delivering via pay-per-click (PPC) ads in Google’s search results.
On Wednesday, breach prevention firm Morphisec posted an advisory in which it said that over the past month, it’s investigated the origins of paid ads that appear on the first page of search results and that lead to downloads of malicious AnyDesk, Dropbox and Telegram packages wrapped as ISO images.
<p dir=\"ltr\">Attackers are constantly figuring out new ways to deliver malware to unsuspecting victims. The campaigns with the greatest success rates are often ones that use a legitimate platform to deliver the attack. Leveraging paid Google ads creates an initial sense of trust – much like what attackers are able to do with socially engineered phishing campaigns. This trust causes users to let their guard down, and attackers exploit that to execute their attack. </p> <p dir=\"ltr\"> </p> <p>The concerning thing about this tactic is that it could be used to target both mobile and desktop users. Since paid Google ads appear on both platforms, the attacker could adjust their payload to target both any user on any device. Considering the nature of the malware itself, this incident should be concerning to individuals and enterprises alike. With hybrid work being the reality for most organizations in the foreseeable future, employees will continue to use both managed and unmanaged devices to access corporate infrastructure and cloud apps. This goes for smartphones, tablets, laptops, and desktops. Employees expect to be productive from any device, which means corporate data needs to be secured from the endpoint itself all the way to the cloud. </p> <p> </p> <p>In order to protect themselves against attacks like this, security teams need to implement a Zero Trust philosophy across their entire infrastructure. To take it a step further, implementing granular policies that dynamically adjust access based on the unique risk profile of both the user and the device is a necessity. This will ensure that users are who they say they are and can only access the resources they need to get their work done.</p>