Malvertising tactics collect user data by disguising dangerous payloads as popular apps.
Cyber fraudsters constantly scour the technological landscape for new ways to exploit people and obtain their personal information.
Phishing attacks have long been used to trick users into handing over sensitive information by impersonating a trusted source.
However, according to Cisco’s Talos threat intelligence division, a newer malicious campaign has been gaining steam as an efficient technique for harvesting information from unwitting users.
Malvertising is the term Cisco’s Talos Intelligence uses to describe how deceptive web advertising is used to mislead people who are looking for legitimate software downloads.
The Magnat campaign, according to Cisco threat intelligence, began in late 2018 and targets users in Canada, the United States, Australia, and numerous European countries.
When a user is directed to the phony download, they launch a fake installer that installs three different types of malware on their computer.
The fake installer deploys these malware components but never installs the program the user was actually looking for.
The first component is a password stealer called Redline, which collects user credentials.
MagnatBackdoor, the second component, sets up remote access to the user’s device using Microsoft Remote Desktop.
This access, combined with the user credentials acquired by Redline (or a similar tool), can give the attacker unrestricted access to the user’s systems even when they are protected and firewalled.
MagnatExtension, a Chrome browser extension used for keylogging, capturing screenshots of sensitive information, and other malicious activities, is the last piece of the malware trifecta.
A potential malvertising effort was depicted in screenshots and download samples in an August 2021 tweet.
Talos examined the samples mentioned in the tweet and confirmed that at least one sample included the malware components MagnatBackdoor, MagnatExtension, and Redline.
The Magnat tools, according to Talos, have been developed and enhanced over a number of years and show no signs of slowing down anytime soon.
The name of the installer package changes constantly, but it usually references the names of prominent apps to add legitimacy and fool consumers into installing it.
Viber-25164.exe, Wechat-35355.exe, build 9.716-6032.exe, setup 164335.exe, no setup 55606.exe, and battlefield setup 76522.exe are examples of previous package names.
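The naming scheme described above (a well-known app name or a generic word such as "setup" or "build", followed by a random-looking number and ".exe") is something a defender can turn into a triage signal. The following is an added example, not code from the article or from Talos; it scans constructed download-log lines (the log format and the user names are hypothetical) and flags file names that fit the pattern of the samples listed above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Brand names the Magnat installers were seen impersonating in the samples
# listed in the article, plus the generic installer words from the other samples.
IMPERSONATED_APPS = ("viber", "wechat", "battlefield")
GENERIC_WORDS = ("setup", "build")

# "<stem><space or hyphen><4-6 digits>.exe", e.g. "Viber-25164.exe" or "no setup 55606.exe"
NAME_PATTERN = re.compile(r"^(?P<stem>.+?)[ -](?P<num>\d{4,6})\.exe$", re.IGNORECASE)

# Hypothetical download-log format for this example: "<ts> user=<u> file=<name> sha256=<h>"
LOG_LINE = re.compile(r"file=(?P<file>.+?) sha256=")

# Constructed sample log (not real telemetry); hashes are deliberately placeholders.
SAMPLE_LOG = [
    "2021-08-14T10:22:01Z user=alice file=Viber-25164.exe sha256=<constructed>",
    "2021-08-14T10:25:40Z user=bob file=python-3.10.2-amd64.exe sha256=<constructed>",
    "2021-08-14T11:02:13Z user=carol file=no setup 55606.exe sha256=<constructed>",
    "2021-08-14T11:30:57Z user=dave file=build 9.716-6032.exe sha256=<constructed>",
    "2021-08-14T12:05:09Z user=erin file=VLC-media-player.exe sha256=<constructed>",
]


@dataclass
class Finding:
    filename: str
    reason: str


def classify_installer_name(filename: str) -> Optional[str]:
    """Return a reason string if the name fits the campaign's naming scheme, else None."""
    m = NAME_PATTERN.match(filename.strip())
    if not m:
        return None  # no "<stem><sep><4-6 digits>.exe" shape, e.g. normal version strings
    stem = m.group("stem").lower()
    if any(app in stem for app in IMPERSONATED_APPS):
        return f"impersonates '{stem}' with random-looking number {m.group('num')}"
    if any(word in stem for word in GENERIC_WORDS):
        return f"generic installer stem '{stem}' with random-looking number {m.group('num')}"
    return None


def scan_download_log(lines: List[str]) -> List[Finding]:
    """Extract the downloaded file name from each log line and flag suspicious ones."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_LINE.search(line)
        if m and (reason := classify_installer_name(m.group("file"))):
            findings.append(Finding(m.group("file"), reason))
    return findings
```

Legitimate installers also carry numbers in their names, so a hit here is a reason to pull the file for hash and signature checks, not a verdict on its own.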