Hackers spread FatalRAT malware disguised as popular applications using Google advertising


  • Chinese speakers in Southeast and East Asia are the targets of a recent malicious Google Ads campaign that infects victims' computers with remote access trojans such as FatalRAT.

According to research released today by ESET, the attackers paid for ad placements in Google search results so that people searching for popular software were directed to dubious websites hosting trojanized installers. The advertisements have since been removed.

Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office are some of the spoofed software programs.

The Slovak cybersecurity firm said it observed the attacks between August 2022 and January 2023. “The websites and installers downloaded from them are predominantly in Chinese and in some cases erroneously advertise Chinese language versions of software that are not accessible in China,” it stated.

The most notable part of the attacks is the creation of lookalike websites with typosquatted domain names that distribute the malicious installer. To keep up the disguise, the installer deploys the legitimate software but also drops a loader that launches FatalRAT.

Taiwan, China, and Hong Kong have the highest concentration of victims, followed by Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia, and Myanmar.

Once running, FatalRAT gives the attacker full control over the compromised machine, allowing them to execute files, run arbitrary shell commands, harvest data from web browsers, and log keystrokes.

The researchers noted that the attackers had made an effort to use domain names for their websites that were as close to the official names as possible. “In most cases, the bogus websites are exact replicas of the real websites.”
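A defender reviewing newly registered domains or DNS logs can triage the kind of lookalike domain described above with a simple edit-distance check. The script below is an added example for this article, not ESET's tooling or anything the attackers used: it folds common lookalike substitutions (digits for letters, dropped hyphens), compares the registrable label against brand labels taken from the software named in the report, and exempts a short allowlist of official domains. The allowlist is deliberately partial and the observed domains in the usage section are constructed for illustration.

```python
"""Lookalike-domain triage: flag registered domains that imitate a known brand.

Added defensive example. Assumptions: BRANDS is the list of brand labels to
protect (from the software named in the report) and OFFICIAL is a partial
allowlist of official domains that a defender extends for their environment.
"""

BRANDS = ["telegram", "whatsapp", "signal", "skype", "firefox", "electrum", "youdao", "sogou"]

# Partial allowlist of official domains (assumption: maintained by the defender).
OFFICIAL = {"telegram.org", "whatsapp.com", "signal.org", "skype.com"}

# Fold digit/letter homoglyphs and separators so "te1egram-desktop" compares as "telegramdesktop".
_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "-": "", "_": ""})


def strip_host(domain: str) -> str:
    """Lower-case the host name, drop a trailing dot and a leading 'www.'."""
    host = domain.lower().strip().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def registrable_label(domain: str) -> str:
    """Return the second-level label of a host name.

    Multi-part public suffixes such as .co.uk are not handled here; a real
    deployment would consult the public-suffix list instead.
    """
    parts = strip_host(domain).split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def fold(label: str) -> str:
    """Normalise common lookalike substitutions before comparing labels."""
    return label.translate(_FOLD).replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, max_distance: int = 2) -> tuple:
    """Return (verdict, brand, distance); verdict is 'official', 'lookalike' or 'unrelated'."""
    host = strip_host(domain)
    if host in OFFICIAL:
        return ("official", registrable_label(host), 0)
    label = fold(registrable_label(host))
    best_brand, best_dist = None, None
    for brand in BRANDS:
        dist = levenshtein(label, brand)
        if brand in label and label != brand:
            # Brand embedded with extra words ("telegramdesktop"): treat as a near match.
            dist = min(dist, 1)
        if best_dist is None or dist < best_dist:
            best_brand, best_dist = brand, dist
    verdict = "lookalike" if best_dist <= max_distance else "unrelated"
    return (verdict, best_brand, best_dist)


if __name__ == "__main__":
    # Constructed sample of observed domains; none of these are indicators from the report.
    for observed in ["www.telegram.org", "te1egram-desktop.cn", "whatsapp.net", "signa1.co", "example.com"]:
        print(observed, "->", classify(observed))
```

A label that exactly matches a brand but sits under a domain outside the allowlist (for example a squatted alternative TLD) is reported as a lookalike with distance 0, which is the case the report describes: domains kept as close to the official names as possible.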

Less than a year ago, Trend Micro disclosed a Purple Fox campaign that used tainted installers of Adobe, Google Chrome, Telegram, and WhatsApp to spread FatalRAT. The latest attacks also appear to be part of a broader abuse of Google Ads to distribute a range of malware or, alternatively, to send users to credential-phishing pages.

In a related development, Symantec’s Threat Hunter Team revealed another malware campaign that uses a previously undocumented .NET-based implant named Frebniis to target Taiwanese companies. The Frebniis technique involves injecting malicious code into the memory of a DLL file (iisfreb.dll) belonging to an IIS feature designed to diagnose and analyze failed web page requests.

This enables remote code execution by allowing the malware to covertly monitor all HTTP requests and pick out specially crafted HTTP requests sent by the attacker. Symantec attributed the intrusion to an unidentified threat actor; it is currently unknown how initial access to the Windows machine running the Internet Information Services (IIS) server was obtained.
