Malvertising on the rise! Malicious text editors surfaced in search ads.

  • Writer: Reef Noor
  • Mar 13, 2024
  • 2 min read


Malvertising, the procurement of malicious search ads, continues to attract attention from threat actors. Kaspersky researchers recently identified a fresh campaign employing this tactic. They discovered a Chinese search engine displaying an advertisement when users searched for the "notepad++" app. This ad directed users to a webpage offering downloads for the VNote app on macOS and Linux, alongside a legitimate Notepad++ download for Windows. The malicious applications attempted to retrieve a file from a server in order to execute a secondary payload, but the researchers found the server offline. Analysis of the app's code indicated that the payload was likely a backdoor built on an open-source adaptation of Cobalt Strike.



Screenshot of malvertisement
Trojanized Website

The malicious website discovered in the search for Notepad++ is disseminated via an advertisement block. Upon opening it, a vigilant user will promptly detect an intriguing inconsistency: the website address features the term "vnote," the title promotes a download of "Notepad--" (an equivalent of Notepad++, also available as open-source software), while the image prominently displays Notepad++. However, the packages downloaded from this source actually contain Notepad--.
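The mismatch described above can be checked mechanically when triaging ad landing pages. The following is an added example, not code from this article or from the Kaspersky research; the function names, the finding labels and the host `vnote.example` are hypothetical, and the sample URLs and titles are constructed.

```python
import re
from urllib.parse import urlsplit

# Keep a trailing "++" or "--" on a token so that "notepad++" and
# "notepad--" remain two different product names after tokenizing.
_TOKEN = re.compile(r"[a-z0-9]+(?:\+\+|--)?")


def tokens(text):
    """Lower-cased product-name tokens found in free text."""
    return set(_TOKEN.findall(text.lower()))


def core(name):
    """Alphanumeric core of a name, the form it takes inside a hostname."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def check_landing(query, landing_url, page_title):
    """Return the inconsistencies between a search term and an ad's landing page."""
    findings = []
    host = (urlsplit(landing_url).hostname or "").lower()
    # Signal 1: the hostname does not contain the searched product name.
    if core(query) not in core(host):
        findings.append("host-lacks-searched-name")
    # Signal 2: the title omits the product, or names a lookalike
    # (same letters, different punctuation, e.g. "--" instead of "++").
    title = tokens(page_title)
    for wanted in tokens(query) - title:
        if any(core(t) == core(wanted) for t in title):
            findings.append("title-lookalike-name")
        else:
            findings.append("title-lacks-searched-name")
    return findings


if __name__ == "__main__":
    # Constructed samples: a lure shaped like the one in the article,
    # and a landing page whose host and title both match the search term.
    print(check_landing("notepad++", "https://vnote.example/download",
                        "Notepad-- download for macOS and Linux"))
    print(check_landing("notepad++", "https://notepad-plus-plus.org/downloads/",
                        "Downloads | Notepad++"))
```

A naive comparison that strips punctuation before matching would treat "Notepad--" and "Notepad++" as the same name and miss the title signal.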




Key takeaways for your business:


  1. Awareness of Malvertising: SMBs need to be aware of the prevalence of malvertising, where malicious advertisements are used to distribute malware. Understanding how threat actors leverage advertising networks to target users is essential for implementing effective security measures.

  2. Vigilance in Online Activities: SMBs and their employees should exercise caution when browsing the internet and interacting with online advertisements. Being vigilant and attentive to inconsistencies or suspicious elements in advertisements can help mitigate the risk of falling victim to malvertising campaigns.

  3. Targeted Attacks: The article highlights a targeted malvertising campaign that specifically aimed to lure users searching for the "Notepad++" app. SMBs should recognize that threat actors may tailor their attacks to exploit popular software or tools commonly used by employees, emphasizing the importance of robust cybersecurity defenses.

  4. Diversified Platforms: The malvertising campaign targeted users on multiple platforms, including macOS, Linux, and Windows. SMBs should ensure that their security measures are comprehensive and cover all platforms used within their organization to mitigate the risk of malware infections.

  5. Open-Source Software Risks: The malicious applications distributed in this campaign utilized open-source software, highlighting the potential risks associated with relying on third-party software sources. SMBs should exercise caution when downloading software and implement strict controls to verify the authenticity and integrity of software sources.

  6. Backdoor Threats: The payload associated with the malvertising campaign was likely a backdoor, indicating the potential for unauthorized access to systems and data. SMBs should prioritize security measures such as network monitoring, endpoint protection, and regular security assessments to detect and prevent backdoor attacks.


