A threat actor has been observed using Google Ads to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. The malware is attributed to a financially motivated e-crime syndicate known as TA505 and uses dynamic import resolution, anti-emulation checks, and string obfuscation to evade detection. Once installed, it steals data from cryptocurrency wallet extensions and gives its operators remote access to the compromised host via an hVNC module. It is distributed through rogue Google ads for legitimate tools such as AnyDesk that use a network of lookalike landing pages. Separately, GootLoader, which has been active since 2018 and functions as an initial-access-as-a-service operation, is employing SEO poisoning to target victims searching for agreements and contracts.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.