How hackers are using Google ads network to steal users’ data – Times of India

By Andrew McCollum On Feb 3, 2023

Hackers are using Google ads network in spreading malware to steal users’ data. The cyberattack campaign, called malvertising, gains significance because it uses a virtualisation technology that allows the malware to evade detection by antivirus programmes.
What is malvertising?
Malvertising, or malicious advertising, is a type of cyberattack in which hackers distribute malware by injecting malicious codes into digital ads. The infected advertisements are difficult to detect by both internet users and publishers. These infected ads are served to consumers through legitimate advertising networks.
How hackers are stealing user information?
Hackers are spreading malicious installers by leveraging KoiVM virtualisation technology that enables malware to evade detection when installing it. KoiVM is a plugin that obfuscates a program’s operation codes so that the virtual machine (a compute resource that uses software instead of a physical computer to run programs and deploy apps) only understands them.

Obfuscation is defined as the act of creating a code that is difficult for humans or computers to understand. When the malicious code is launched, the virtual machine translates the operation codes back to their original form so that the application can be executed.
“Virtualization frameworks such as KoiVM obfuscate executables by replacing the original code, such as NET Common Intermediate Language (CIL) instructions, with virtualised code that only the virtualisation framework understands,” a new report by SentinelLabs said.
“When put to malicious use, virtualisation makes malware analysis challenging and also represents an attempt to evade static analysis mechanisms,” the report said, adding that KoiVM virtualisation is popular for hacking tools but is seldom used to distribute malware.

Google search ads abuse
The researchers claim that, over the past month, they saw increased use of Google search ads to distribute various malware. The fake sites that appear as advertisements utilise invalid digital signatures impersonating Microsoft, Acer, DigiCert, Sectigo, and AVG Technologies USA into fooling customers and avoiding detection.

How to enable Android 13-themed icons on your phone

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.