Tag: malvertising
17 articles

Cyberattackers Deploy Vidar Infostealer in Global Monero Mining Campaign
Cybercriminals are running a sneaky double game, using Vidar Infostealer to steal sensitive info and hijack computers to mine Monero cryptocurrency, all while selling stolen credentials on the dark web. This global campaign, targeting consumers and small businesses, is a potent reminder to stay vigilant online.

Vidar Stealer Campaign Exposes Code Signing Abuse and Evasion Tactics
In a clever April 2026 campaign, cyber attackers used malvertising to trick victims into downloading seemingly cracked software versions, which actually unleashed the Vidar stealer and XMRig malware via a sneaky loader called Factory-v3. The attackers cleverly hid their malware in password-protected .bin archives to evade detection.

Cybercriminals Exploit AI Hype in Social Engineering Attacks
Cybercriminals are cleverly exploiting our curiosity about AI to launch sophisticated social engineering attacks, using trusted AI names and urgent lures to trick victims into divulging sensitive info or downloading malware. By tapping into our desire to stay ahead of the curve, attackers are able to bypass our usual caution and catch us off guard.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users
macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Malvertising Campaign Targets macOS with FlutterShell Backdoor
Google swiftly suspended advertiser accounts linked to a massive malvertising campaign that spread a new macOS backdoor, known as FlutterShell, after researchers sounded the alarm. The culprits, tracked by Palo Alto Networks as CL-CRI-1089, used hundreds of verified Google ads and a web of shell companies to deceive ad networks.

Malvertisers Exploit Code Signing in TamperedChef Malware Campaigns
Meet the sneaky malware campaign that's been flying under the radar, leveraging polished marketing tactics and code signing to spread its malicious reach - with over 4,000 samples and 100 unique variants uncovered across three distinct clusters of activity.

Malicious Android Apps Fuel 659M Daily Ad Fraud Bid Requests
Meet Trapdoor, a massive ad fraud scam driven by 455 malicious Android apps that generated a whopping 659 million daily bid requests at its peak, all while hiding in plain sight as harmless utilities like PDF viewers and file managers. These fake apps tricked users into installing malware, unleashing a hidden ad fraud operation controlled by 183 threat actor-owned domains.

Trapdoor Android Ad Fraud Scheme Exposes 455 Malicious Apps
Meet Trapdoor, a massive Android ad fraud scheme that used 455 malicious apps to generate a staggering 659 million daily bid requests, fueling a self-sustaining machine that turned innocent installs into big bucks. This complex operation was uncovered by HUMAN's Satori Threat Intelligence and Research Team, shedding light on a pipeline for multi-stage fraud.

Malicious Site Exploits AI Interest to Deploy Beagle Backdoor
Beware of a fake website masquerading as Anthropic's Claude interface, tricking users into downloading a 505 MB ZIP archive that unleashes a new, previously undocumented Windows backdoor called Beagle. This malicious campaign uses a convincing imitation of the legitimate site to spread the infection.

pkr_mtsi Reveals Stunning, Dangerous Payloads
Think of pkr_mtsi as a benign-looking packer that attackers have turned into a slick delivery system—using malvertising and social lures to slip credential stealers, covert coin‑miners, and backdoors onto victims’ PCs. By running loaders in memory and staging payloads, it keeps infections quiet while letting criminals squeeze ongoing profit from compromised machines.

Most Parked Domains: Stunning Rise in Dangerous Malware
Dont be fooled by parked domains — a surprising surge in malicious activity on these inactive sites is exposing users and businesses to new security risks.

JackFix Exclusive Alert: Dangerous Fake Windows Updates
Heads up — don’t paste that “Windows fix” command: a slick new scam uses fake CAPTCHAs and cloned sites to trick users into running malware that gives attackers persistent access to otherwise patched PCs.

Europol Exclusive: Takedown of Dangerous Gaming Links
Europol’s exclusive takedown dismantles a network of dangerous gaming links putting players at risk — see what they uncovered and how to protect your accounts and devices.

browser-based attacks: Critical Must-Have Defenses
We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

GPUGate malware: Exclusive Risky Search-Ad Campaign
Think twice before clicking that top search result—new GPUGate malvertising buys Google Ads and even fakes GitHub commit hashes to push trojanized installers that look legit. Protect yourself by sticking to official project pages, verifying signatures, and avoiding downloads from ad links.

fake support sites: Stunningly Dangerous macOS Threat
Think twice before downloading “help” tools from ads—attackers are using convincing fake macOS support sites and malvertising to deliver the Atomic macOS Stealer (AMOS) and quietly scoop up credentials, cookies and crypto wallets. Verify support pages with vendors directly and treat unsolicited downloads like risky strangers offering to fix your device.

malvertising campaign: Exclusive Dangerous PS1Bot Threat
What if the ads you trust were actually a backdoor? A new malvertising campaign is quietly using compromised ad networks to deploy PS1Bot — a modular PowerShell malware that runs in memory, evades traditional defenses, and can turn ordinary browsers into footholds for wider attacks.