Do you ever see an advertisement for a free download of a popular Windows application and think, “Wow, this sure sounds too good to be true!”? Well, it most definitely is, and hackers use these malvertisements to infect computers with malware and other threats. Specifically, malvertising is used to download three different types of malware, all of which can cause harm to unwary businesses.
This particular type of malvertisement threat, a new campaign targeting users in Canada, the United States, Europe, Australia, and Nigeria, aims to capture usernames, passwords, and other sensitive credentials from users.
The three types of malware commonly installed through this new malvertising campaign–dubbed Magnat by Cisco Talos–include, according to ZDNet, a malicious browser extension that has the same capabilities as Trojan malware. In other words, it provides a backdoor entrance to the user’s system. This malware is as-yet undocumented and appears to be custom-built, and it has been developed over the course of the past several years. The other malware installed using this campaign is a password stealer.
While the malicious browser extension (also a keylogger) itself and the password stealer are cookie-cutter malware that have been around for quite some time, the backdoor is something else entirely. The backdoor, dubbed MagnatBackdoor by researchers, allows attackers to gain remote control over a PC without being detected. It also adds a new user and installs keyloggers and other malware that allow the attackers to steal information like usernames, passwords, and other sensitive credentials. According to researchers, the threat works much like a banking trojan, and aims to steal credentials for either individual sale on the Dark Web or for use by the attackers.
The malware is primarily distributed through malicious adverts–advertisements that link to malicious file downloads–for popular software solutions. These campaigns are obviously causes for concern, but it’s important to remember that they are nothing new. We have been around the block a time or two with these types of threats, so we know how to combat them. Malvertisement is not a new concept, and it has been around for a long time, so it’s no surprise that hackers would continue to use this avenue to infect PCs.
Twintel can help your business stay secure from online threats of all kinds, and while we cannot stop your employees from clicking on questionable advertisements, we can help to inform them of why they shouldn’t be doing such a thing in the first place, and block a lot of bad content before it gets to them. To learn more about what we can do for your business, contact us at 888-428-0599.