Malvertising
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.
Shared Claude Chats weaponized to target macOS users
The campaign was spotted by Berk Albayrak, a […]
Google expands Gemini AI use to fight malicious ads on its platform
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. In a new post, the company reports having blocked or removed 8.3 billion ads and suspended 24.9 million advertiser accounts in 2025, […]
1Campaign platform helps malicious Google ads evade detection
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. 1Campaign is a cloaking service that passes Google’s screening process and shows malicious content only to real potential victims. Security researchers and automated scanners are served […]
ClickFix malware attacks evolve with video instructions and OS detection
ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. In a typical ClickFix attack, the threat actor relies on social engineering to trick users into pasting and executing code or […]
Fake Microsoft Teams installers push Oyster malware via malvertising
Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect Windows devices with the Oyster backdoor, providing initial access to corporate networks. The Oyster malware, also known as Broomstick and CleanUpLoader, is a backdoor that first appeared in mid-2023 and has since been linked to multiple campaigns. […]
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. As discovered by Guardio Labs’ researcher Nati Tal, malvertisers often run sketchy video ads containing adult content baits and avoid including a link in the main body to avoid being blocked by X. Instead, […]
Brokewell Android malware delivered through fake TradingView ads
Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. The campaign targets cryptocurrency assets and has been running since at least July 22nd through an estimated 75 localized ads. Brokewell has been around since early 2024 and features a broad set of capabilities that […]
TamperedChef infostealer delivered through fraudulent PDF Editor
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. The campaign is part of a larger operation with multiple apps that can download each other, some of them tricking users into enrolling their system into residential proxies. More than […]
Cybercriminals exploit AI hype to spread ransomware, malware
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware. These lures have become widely adopted by info-stealer malware operators and ransomware operations attempting to […]
Fake KeePass password manager leads to ESXi ransomware attack
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. WithSecure’s Threat Intelligence team discovered the campaign after they were brought in to investigate a ransomware attack. The researchers found that the attack […]
