Skip to main content

Tag: malvertising

17 articles

Ordinary office workspace with computers and monitors on desks, hinting at a global cyberattack.

Cyberattackers Deploy Vidar Infostealer in Global Monero Mining Campaign

Cybercriminals are running a sneaky double game, using Vidar Infostealer to steal sensitive info and hijack computers to mine Monero cryptocurrency, all while selling stolen credentials on the dark web. This global campaign, targeting consumers and small businesses, is a potent reminder to stay vigilant online.

Analyst 207
Cracked software package on laptop screen with archive being extracted in background.

Vidar Stealer Campaign Exposes Code Signing Abuse and Evasion Tactics

In a clever April 2026 campaign, cyber attackers used malvertising to trick victims into downloading seemingly cracked software versions, which actually unleashed the Vidar stealer and XMRig malware via a sneaky loader called Factory-v3. The attackers cleverly hid their malware in password-protected .bin archives to evade detection.

Analyst 207
Person sitting at desk with laptop open, hands poised over keyboard in a brightly-lit office setting.

Cybercriminals Exploit AI Hype in Social Engineering Attacks

Cybercriminals are cleverly exploiting our curiosity about AI to launch sophisticated social engineering attacks, using trusted AI names and urgent lures to trick victims into divulging sensitive info or downloading malware. By tapping into our desire to stay ahead of the curve, attackers are able to bypass our usual caution and catch us off guard.

Analyst 207
Cluttered home office desk with Mac computer and blurred screen, suburban neighborhood visible through window.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users

macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Analyst 207
Brightly-lit operation center with multiple workstations and cityscape background, hinting at network infrastructure.

Malvertising Campaign Targets macOS with FlutterShell Backdoor

Google swiftly suspended advertiser accounts linked to a massive malvertising campaign that spread a new macOS backdoor, known as FlutterShell, after researchers sounded the alarm. The culprits, tracked by Palo Alto Networks as CL-CRI-1089, used hundreds of verified Google ads and a web of shell companies to deceive ad networks.

Analyst 207
Devices and equipment in a brightly-lit tech facility with a laptop screen displaying blurred code.

Malvertisers Exploit Code Signing in TamperedChef Malware Campaigns

Meet the sneaky malware campaign that's been flying under the radar, leveraging polished marketing tactics and code signing to spread its malicious reach - with over 4,000 samples and 100 unique variants uncovered across three distinct clusters of activity.

Analyst 207
Person holding smartphone surrounded by fake software update prompts and alerts.

Malicious Android Apps Fuel 659M Daily Ad Fraud Bid Requests

Meet Trapdoor, a massive ad fraud scam driven by 455 malicious Android apps that generated a whopping 659 million daily bid requests at its peak, all while hiding in plain sight as harmless utilities like PDF viewers and file managers. These fake apps tricked users into installing malware, unleashing a hidden ad fraud operation controlled by 183 threat actor-owned domains.

Analyst 207
Smartphone lies on a park bench surrounded by scattered papers and app icons, with a city street in the background.

Trapdoor Android Ad Fraud Scheme Exposes 455 Malicious Apps

Meet Trapdoor, a massive Android ad fraud scheme that used 455 malicious apps to generate a staggering 659 million daily bid requests, fueling a self-sustaining machine that turned innocent installs into big bucks. This complex operation was uncovered by HUMAN's Satori Threat Intelligence and Research Team, shedding light on a pipeline for multi-stage fraud.

Analyst 207
Cluttered office desk with laptop and smartphone, screens blurred.

Malicious Site Exploits AI Interest to Deploy Beagle Backdoor

Beware of a fake website masquerading as Anthropic's Claude interface, tricking users into downloading a 505 MB ZIP archive that unleashes a new, previously undocumented Windows backdoor called Beagle. This malicious campaign uses a convincing imitation of the legitimate site to spread the infection.

Analyst 207
pkr_mtsi Reveals Stunning, Dangerous Payloads

pkr_mtsi Reveals Stunning, Dangerous Payloads

Think of pkr_mtsi as a benign-looking packer that attackers have turned into a slick delivery system—using malvertising and social lures to slip credential stealers, covert coin‑miners, and backdoors onto victims’ PCs. By running loaders in memory and staging payloads, it keeps infections quiet while letting criminals squeeze ongoing profit from compromised machines.

Analyst 207
Most Parked Domains: Stunning Rise in Dangerous Malware

Most Parked Domains: Stunning Rise in Dangerous Malware

Dont be fooled by parked domains — a surprising surge in malicious activity on these inactive sites is exposing users and businesses to new security risks.

Analyst 207
JackFix Exclusive Alert: Dangerous Fake Windows Updates

JackFix Exclusive Alert: Dangerous Fake Windows Updates

Heads up — don’t paste that “Windows fix” command: a slick new scam uses fake CAPTCHAs and cloned sites to trick users into running malware that gives attackers persistent access to otherwise patched PCs.

Analyst 207
Europol Exclusive: Takedown of Dangerous Gaming Links

Europol Exclusive: Takedown of Dangerous Gaming Links

Europol’s exclusive takedown dismantles a network of dangerous gaming links putting players at risk — see what they uncovered and how to protect your accounts and devices.

Analyst 207
browser-based attacks: Critical Must-Have Defenses

browser-based attacks: Critical Must-Have Defenses

We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

Analyst 207
GPUGate malware: Exclusive Risky Search-Ad Campaign

GPUGate malware: Exclusive Risky Search-Ad Campaign

Think twice before clicking that top search result—new GPUGate malvertising buys Google Ads and even fakes GitHub commit hashes to push trojanized installers that look legit. Protect yourself by sticking to official project pages, verifying signatures, and avoiding downloads from ad links.

Analyst 207
fake support sites: Stunningly Dangerous macOS Threat

fake support sites: Stunningly Dangerous macOS Threat

Think twice before downloading “help” tools from ads—attackers are using convincing fake macOS support sites and malvertising to deliver the Atomic macOS Stealer (AMOS) and quietly scoop up credentials, cookies and crypto wallets. Verify support pages with vendors directly and treat unsolicited downloads like risky strangers offering to fix your device.

Analyst 207
malvertising campaign: Exclusive Dangerous PS1Bot Threat

malvertising campaign: Exclusive Dangerous PS1Bot Threat

What if the ads you trust were actually a backdoor? A new malvertising campaign is quietly using compromised ad networks to deploy PS1Bot — a modular PowerShell malware that runs in memory, evades traditional defenses, and can turn ordinary browsers into footholds for wider attacks.

Analyst 207