PikaBot Attacking Windows Machine via Malicious Search Ads

This nefarious stratagem has set its sights on businesses, executing a sophisticated dance that sidesteps conventional security fortifications.
At the forefront of this digital onslaught is the insidious PikaBot, a malware variant that ingeniously exploits the expansive reach of Google Ads to infiltrate the fortifications of corporate networks,.
PikaBot's clandestine journey began within the shadowy realms of email spam campaigns orchestrated by the notorious threat actor TA577.
A strategic shift occurred with the dismantling of the QakBot botnet, propelling PikaBot into a new arena - the deceptive landscape of search engine ads masquerading as bona fide software, such as the widely-used AnyDesk.
According to Malwarebytes Labs, the MSI installer that was downloaded is digitally signed and has not been detected by any antivirus software on VirusTotal.
Employing sophisticated techniques like indirect syscalls, this malware embeds itself into authentic processes, rendering it an elusive and formidable adversary.
PikaBot's deceptive intricacies resemble prior malvertising endeavors targeting platforms like Zoom and Slack.
The resurgence of PikaBot signifies a disconcerting trend - the revival of drive-by downloads, albeit in a more sophisticated guise.
Unlike the bygone era of exploit kits and compromised websites, these attacks capitalize on the trust invested in search engines, delivering malware directly to our screens.
This serves as a stark admonition for businesses to transcend traditional perimeter defenses.
Establishing secure application repositories and fostering online vigilance among employees become imperative shields against the looming threat of malvertising.
Detection and interception of PikaBot-laden installers and active reporting of malicious ads to digital gatekeepers like Google and Dropbox form critical components of this ongoing digital warfare.


This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 19 Dec 2023 08:25:05 +0000


Cyber News related to PikaBot Attacking Windows Machine via Malicious Search Ads

Water Curupira Hackers Launch Pikabot Malware Attack Windows - Pikabot is a loader malware that is active in spam campaigns and has been used by the threat group Water Curupira, which has been paused from June to September 2023 after Qakbot's takedown. The surge in Pikabot phishing campaigns was noted recently ...
11 months ago Gbhackers.com
PikaBot Attacking Windows Machine via Malicious Search Ads - This nefarious stratagem has set its sights on businesses, executing a sophisticated dance that sidesteps conventional security fortifications. At the forefront of this digital onslaught is the insidious PikaBot, a malware variant that ingeniously ...
1 year ago Cybersecuritynews.com
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks - A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious ...
11 months ago Darkreading.com
30 Best Cyber Security Search Engines - In recent years, several search engines have been developed that are primarily focused on cyber security. In today's era, having all the necessary resources and search tools related to cyber security is crucial to staying protected against emerging ...
5 months ago Cybersecuritynews.com
The Role of Machine Learning in Cybersecurity - Machine learning plays a crucial role in cybersecurity by enhancing defense mechanisms and protecting sensitive information. The key advantage of using machine learning in cybersecurity is its ability to constantly adapt and learn from new threats. ...
10 months ago Securityzap.com
Microsoft again bothers Chrome users with Bing popup ads in Windows - Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. Due to the quality of the pixelated ads, some who received them were concerned that ...
9 months ago Bleepingcomputer.com
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
7 months ago Bleepingcomputer.com
What is SEO Poisoning Attack? - Search engine optimization (SEO) poisoning is a type of cyber attack that infiltrates search results. It consists of malicious search engine results created by an attacker attempting to redirect someone to malicious or vulnerable webpages. It is a ...
1 year ago Heimdalsecurity.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Crypto drainer steals $59 million from 63k people in Twitter ad push - Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. According to blockchain threat analysts at ScamSniffer, they ...
1 year ago Bleepingcomputer.com
X users fed up with constant stream of malicious crypto ads - Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, ...
11 months ago Bleepingcomputer.com
Massive utility scam campaign spreads via online ads - When customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they ...
10 months ago Malwarebytes.com
From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence - This article summarizes the malware families seen by Unit 42 and shared with the broader threat hunting community through our social channels. We also included a number of posts about the cybercrime group TA577 - who have distributed multiple malware ...
11 months ago Unit42.paloaltonetworks.com
Fake KeePass site uses Google Ads and Punycode to push malware - A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Google has been battling with ongoing malvertising campaigns that allow ...
1 year ago Bleepingcomputer.com
Google Ads Invite Being Abused to Push Spam & Adult Sites - Google Ads has become another way for malicious actors to spread spam and adult sites. Recent reports have highlighted that fraudsters are abusing Google Ads invites to push their malicious content. Google Ads is Google's advertising platform, and ...
1 year ago Bleepingcomputer.com
Meta says it will begin labeling political ads that use AI-generated imagery - WASHINGTON - Facebook and Instagram will require political ads running on their platforms to disclose if they were created using artificial intelligence, their parent company announced on Wednesday. Under the new policy by Meta, labels acknowledging ...
1 year ago Apnews.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
2 months ago Unit42.paloaltonetworks.com
Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
1 year ago Msrc.microsoft.com
Sick of ads on Android? Change these 5 settings for more privacy - fast | ZDNET - To disable Ad measurement, go to Settings > Privacy > Ads > Ad Privacy > Ad measurement and tap the On/Off slider until it's in the Off position. Similar to Ad topics, you can block specific apps from suggesting ads to other apps, or ...
2 months ago Zdnet.com
JFrog, AWS team up for machine learning in the cloud - Software supply chain provider JFrog is integrating with the Amazon SageMaker cloud-based machine learning platform to incorporate machine learning models into the software development lifecycle. The JFrog platform integration with Amazon SageMaker, ...
11 months ago Infoworld.com
Python-Based Malware Slithers Into Systems via Legit VS Code - "The [threat actor (TA)] leverages a [VS Code] tool to initiate a remote tunnel and retrieve an activation code, which the TA can use to gain unauthorized remote access to the victim’s machine," according to the blog post about the ...
2 months ago Darkreading.com
How to Stop Advertisers From Tracking Your Teen Across the Internet | Electronic Frontier Foundation - At 13, children transition abruptly between two extremes—from potential helicopter parental surveillance to surveillance advertising that connects their online activity and search history to marketers serving targeted ads. The Children’s Online ...
2 months ago Eff.org
CVE-2024-47317 - Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: ...
1 month ago Tenable.com
How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
2 months ago Securelist.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)