In a disturbing development, cybersecurity researchers have uncovered a new malvertising campaign that leverages fake websites posing as legitimate Windows news portals to spread a malicious installer for the popular system profiling tool, CPU-Z.

According to cybersecurity experts at Malwarebytes, this malicious activity is part of a larger campaign targeting various utilities such as Notepad++, Citrix, and VNC Viewer. The campaign employs deceptive domain names and cloaking techniques to evade detection, making it a significant threat to unsuspecting users.

The modus operandi of the attackers involves setting up replica sites that imitate well-known portals like WindowsReport[.]com. The objective is to deceive users searching for CPU-Z on search engines, particularly Google. The attackers employ malicious ads that, when clicked, redirect users to the fake portal located at workspace-app[.]online.

Interestingly, the campaign also utilizes a technique known as cloaking. This involves serving an innocuous blog with unrelated articles to users who are not the intended victims of the malware. The use of such tactics adds an additional layer of complexity to the attack, making it harder to detect and mitigate.

The malicious installer hosted on the rogue website is signed and contains a nefarious PowerShell script. This script acts as a loader, known as FakeBat or EugenLoader, serving as a conduit to deploy RedLine Stealer on the compromised host. RedLine Stealer is a notorious information-stealing malware that poses a severe threat to user privacy and security.

Security experts speculate that the choice of mimicking the Windows Report website may be strategic, as many users often download software utilities from

such portals rather than official websites. This deviation from the traditional method of setting up replica sites for widely-used software marks a notable evolution in malvertising strategies.

To safeguard yourself from falling victim to such malicious campaigns, it’s crucial to adopt proactive security measures. Here are some key steps you can take:

Download Software from Official Sources:

• Always download software from the official websites of the respective developers. Avoid third-party sources or download links from unfamiliar websites.

Use Reliable Security Software:

• Install and regularly update reputable antivirus and anti-malware software to detect and neutralize potential threats.

Stay Informed:

• Keep yourself informed about the latest cybersecurity threats and attack vectors. Regularly check for updates from reliable cybersecurity sources.

Exercise Caution with Ads:

• Be wary of clicking on advertisements, especially those promoting software downloads. Stick to official channels and trusted platforms.

Verify Website URLs:

• Double-check the URL of the website before downloading any software. Ensure it matches the official domain of the developer.

By following these precautions, you can significantly reduce the risk of falling prey to malvertising campaigns and protect your system from potential threats. Stay vigilant, stay informed, and prioritize cybersecurity to ensure a safe online experience.

Source – Hacker News’

Blog By – Daresh Ruel Tissaaratchy