DeerStealer Malware Exploits Google Ads to Target Users

DUBAI, UNITED ARAB EMIRATES, August 6, 2024 /EINPresswire.com/ -- A sophisticated malware campaign exploiting Google's advertising platform has been uncovered by cybersecurity researchers from ANY.RUN — a provider of cloud cybersecurity tools for malware analysis and threat intelligence.

The campaign delivers a newly identified information-stealer, dubbed "DeerStealer" by ANY.RUN researchers, targeting users searching for Google Authenticator.

The attack chain begins with malicious advertisements appearing in Google search results. These ads display legitimate Google domains to increase credibility. Users who click on these ads are redirected through multiple sites, ultimately landing on malicious domains such as "chromeweb-authenticators.com". These fake websites prompt users to download an executable file named "Authenticator.exe", which contains the DeerStealer malware. To further avoid detection, the file is hosted on a GitHub repository and signed by seemingly legitimate companies like Reedcode Ltd.

DeerStealer is a modern information-stealing malware capable of extracting credentials, cookies, and other sensitive data from web browsers. It primarily targets Windows systems and represents a significant threat to user privacy and security.

The malware's sophistication and the campaign's use of legitimate services make it particularly dangerous and difficult to detect.

Google has responded by blocking the fake advertiser and is working to enhance its detection systems. In 2023, the company removed 3.4 billion ads and suspended 5.6 million advertiser accounts as part of its ongoing security efforts.

Users are advised to exercise caution when clicking on promoted search results, use ad blockers, verify download URLs, and scan all downloads with updated antivirus software.

For more information, visit the ANY.RUN blog.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050