Chinese-speaking users are being targeted by a malvertising campaign known as FakeAPP [1] [4]. This campaign utilizes malicious Google ads to redirect users to pages where they unknowingly download Remote Administration Trojans (RATs) [1] [4]. It is a continuation of a previous attack wave that specifically targeted Hong Kong users searching for messaging apps in late October 2023 [4]. The campaign has now expanded to include the messaging app LINE [1] [4]. The fraudulent ads have been traced back to two advertiser accounts based in Nigeria [4].

Description

In addition to the FakeAPP campaign, there has been a notable increase in the use of a phishing platform called Greatness. This platform allows attackers to create authentic-looking credential harvesting pages that specifically target Microsoft 365 users. What makes this platform particularly concerning is that it is being offered for sale to other criminal actors, enabling them to conduct attacks on a larger scale. Phishing attacks have also been observed in South Korea [4], where malicious Windows shortcut files are being distributed disguised as legitimate documents [4].

Threat actors are exploiting Google advertiser accounts to create harmful ads that lead users to download RATs [2], ultimately granting the attackers full control over the victims’ machines. The recent phase of the campaign has incorporated the messaging app LINE [2], redirecting users to fake websites hosted on Google Docs or Google Sites [2] [3]. The cybercriminals behind this campaign continuously introduce new payloads and infrastructure to maintain control.

Conclusion

The FakeAPP campaign and the rise of the Greatness phishing platform highlight the ongoing threats faced by Chinese-speaking users. It is crucial for individuals to remain vigilant and exercise caution when interacting with online advertisements and downloading apps. Additionally, organizations should implement robust security measures to protect their employees and systems from these types of attacks. As threat actors continue to evolve their tactics, it is essential for security professionals to stay updated on emerging threats and implement appropriate mitigations.

References

[1] https://patabook.com/technology/2024/01/27/malicious-ads-on-google-target-chinese-users-with-fake-messaging-apps/
[2] https://www.phoneworld.com.pk/malicious-ads-on-google-target-chinese-users-with-fake-messaging-apps/
[3] https://pledgetimes.com/malvertising-malware-advertising-campaign-in-china/
[4] https://thehackernews.com/2024/01/malicious-ads-on-google-target-chinese.html