A malvertising campaign has been discovered that targets PC users searching for the CPUZ tool. This campaign involves hackers placing malicious ads at the top of search results, redirecting unsuspecting users to a fake download portal [2].


The fake download portal [2], instead of providing the legitimate CPUZ tool, contains a digitally signed installer with a malicious PowerShell script and a loader called FakeBat [1]. This PowerShell script [1] [2] [3] [4], known as FakeBat [3], deploys the RedLine Stealer on compromised hosts [1] [3] [4]. The RedLine Stealer is a type of malware that can steal personal data, including browser history, passwords [2], credit cards [2], and cryptocurrency wallets [2].

It is worth noting that this is not the first time that deceptive Google Ads for popular software have been used as a malware distribution vector [3] [4]. Another recent campaign called Nitrogen has been found to pave the way for a BlackCat ransomware attack [4]. Additionally, threat actors are increasingly using phishing kits to bypass multi-factor authentication and hijack accounts [4].

Furthermore, a new attack method called the WikiSlack attack has been discovered. This attack exploits a quirk in Slack to drive victims to an attacker-controlled website [4]. The attack involves defacing the end of a Wikipedia article and sharing it on Slack [4].


These malvertising campaigns and attack methods highlight the ongoing challenges in cybersecurity. Users need to be cautious when downloading software and ensure they are accessing legitimate sources. It is crucial for organizations and individuals to implement robust security measures, such as multi-factor authentication [4], to protect against phishing attacks. Additionally, software developers and platform providers should continuously monitor and address vulnerabilities to prevent these types of attacks. The discovery of the WikiSlack attack serves as a reminder that even seemingly harmless platforms can be exploited by threat actors. Vigilance and proactive security measures are essential in the ever-evolving landscape of cyber threats.


[1] https://alinaa-cybersecurity.com/new-malvertising-campaign-uses-fake-windows-news-portal-to-distribute-malicious-installers/
[2] https://www.tomsguide.com/news/hackers-have-found-an-insidious-way-to-attack-you-with-malware-dont-fall-for-this
[3] https://ciso2ciso.com/new-malvertising-campaign-uses-fake-windows-news-portal-to-distribute-malicious-installers-sourcethehackernews-com/
[4] https://thehackernews.com/2023/11/new-malvertising-campaign-uses-fake.html