A Google ad network has been found serving malicious ads that may end with users having their identity data and other sensitive information stolen.
Hackers reportedly managed to trick Google Ad Manager into presenting a fake ad for the popular photo editor GIMP, so that those who wanted to download the program instead ended up with a powerful information stealer called Vidar.
When a victim types “GIMP” or a similar keyword into the Google search engine, they are presented, among other results, with an advertisement showing the official GIMP website – GIMP.org. However, clicking on the ad does not send the victim to that domain, but rather to gilimp.org or gimp.monster. There, they are offered a 700 MB file to download, an oversized executable of only 5 MB – the Vidar information stealer.
How this was possible is still not entirely certain. While some researchers believe that the threat actor used an IDN homograph to make the Cyrillic gіmp.org – written as http://xn--gmp-jhd.org/ – appear as gimp.org in the Latin alphabet, others are of the opinion that the trick was in reality much less elaborate.
In fact, Computer's reports suggest that Google allows publishers to create ads using two different URLs – one that is shown to viewers and one where they will actually be taken. Google is reportedly very strict about this, allowing, for example, only ads in which both URLs use the same domain. How or why Ad Manager allowed this campaign to run is unknown. Google remains silent on the issue, and we will update the article if the search giant decides to comment.
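Both explanations above come down to checks that can be automated when reviewing an ad's display URL against its landing URL. The following Python sketch is an added example, not code from the article or from any Google tooling; the function names and the small confusables table are assumptions made for illustration, and the sample URLs are built from the domains named above.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of Cyrillic letters that render like Latin ones
# (i, a, e, o, p, c, x, y); a real check would use the full Unicode
# confusables data.
CONFUSABLES = str.maketrans(
    "\u0456\u0430\u0435\u043e\u0440\u0441\u0445\u0443", "iaeopcxy")

def unicode_host(url):
    """Lower-cased host of url, 'www.' stripped, xn-- labels decoded."""
    host = urlsplit(url).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts (LATIN, CYRILLIC, ...) used by the letters in a label."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def check_ad(display_url, landing_url):
    """Return the findings for one ad's display/landing URL pair."""
    shown, target = unicode_host(display_url), unicode_host(landing_url)
    findings = []
    if target != shown:
        findings.append("landing-domain-mismatch")
    if any(len(scripts(lbl)) > 1 for lbl in target.split(".")):
        findings.append("mixed-script-label")
    if target != shown and target.translate(CONFUSABLES) == shown:
        findings.append("homograph-of-display-domain")
    return findings

if __name__ == "__main__":
    display = "https://www.gimp.org/"
    for landing in ("https://www.gimp.org/downloads/",
                    "https://gilimp.org/",
                    "http://xn--gmp-jhd.org/"):
        print(landing, check_ad(display, landing))
```

Comparing whole hostnames is a simplification; a production check would compare registrable domains using the Public Suffix List.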
Vidar is a known information stealer that can grab browser information (passwords, cookies, stored credit card information, etc.), cryptocurrency wallet information, Telegram credentials, file transfer application information, and a lot of other sensitive data.
Via: Computer