BATLOADER malware uses Google Ads to deliver Vidar and Ursnif infostealers

    Last month, a malware loader known as BATLOADER was seen abusing the Google Ads contextual advertising service to deliver secondary payloads such as Vidar Stealer and Ursnif. According to eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI, Spotify, Tableau and Zoom.

    BATLOADER, as the name suggests, is a loader responsible for delivering next-stage malware, such as information stealers, banking trojans, and even ransomware.

    One of BATLOADER's key features is its use of software-impersonation tactics to deliver malware. This is achieved by setting up lookalike websites that host Windows Installer files masquerading as legitimate applications. When a user searching for legitimate software clicks a fraudulent ad on a Google search results page, the infection chain is triggered.

    When run, the ".msi" installation files execute Python scripts containing the BATLOADER payload, which then downloads the next-stage malware to the victim's computer.
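    The two observables the article gives a defender are an installer (msiexec.exe) that launches a Python interpreter, and download hosts named after legitimate vendors. The following script is an added example, not code from the article or from eSentire; the event field names, the log entries and the host names are all constructed here, and the Sysmon-like shape of the events is an assumption. It flags installer-to-Python process chains and scores host names for imitation of the vendors the article lists.

```python
"""
Detection sketch for the delivery chain described above: an installer run
by msiexec.exe that launches a Python interpreter, and download hosts whose
names imitate a legitimate vendor. Event shapes, field names and all sample
data are constructed for this example, not taken from any report.
"""
import re
from pathlib import PureWindowsPath

INTERPRETERS = {"python.exe", "pythonw.exe"}
INSTALLER = "msiexec.exe"
BRANDS = ("adobe", "spotify", "tableau", "zoom")  # vendors named in the article

# Constructed process-creation events (Sysmon-like field names, assumed).
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Users\u\AppData\Local\Temp\py\pythonw.exe",
     "cmdline": r"pythonw.exe C:\Users\u\AppData\Local\Temp\setup.py"},
    {"id": 2, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Python311\python.exe",
     "cmdline": "python.exe -m pip list"},
    {"id": 3, "parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Program Files\Vendor\vendorapp.exe",
     "cmdline": "vendorapp.exe --post-install"},
    {"id": 4, "parent": r"C:\Windows\System32\msiexec.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\u\AppData\Local\Temp\py\python.exe run.py"},
]


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def is_installer_to_python(ev: dict) -> bool:
    """True when an MSI installer process launches a Python interpreter,
    either directly or through a command line that names one."""
    if _basename(ev["parent"]) != INSTALLER:
        return False
    if _basename(ev["image"]) in INTERPRETERS:
        return True
    tokens = re.findall(r"[^\s\"']+", ev["cmdline"].lower())
    return any(_basename(t) in INTERPRETERS for t in tokens)


def flag_events(events) -> list:
    """Return the ids of events matching the installer -> Python pattern."""
    return [ev["id"] for ev in events if is_installer_to_python(ev)]


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(host: str, brands=BRANDS, max_distance: int = 1):
    """Return the brand a host name imitates, or None.

    Only the registrable label (second from the right) is examined, so
    'download.adobe.com' counts as the vendor's own host. This ignores
    multi-part public suffixes such as co.uk; a real deployment would use
    the Public Suffix List to pick the registrable label."""
    labels = host.lower().strip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if label in brands:
        return None  # the vendor's own registrable domain
    for brand in brands:
        if brand in label:
            return brand  # brand embedded in a longer label, e.g. adobe-download
        for token in re.split(r"[-_\d]+", label):
            # length floor keeps short words like "zoo" from matching "zoom"
            if len(token) >= 5 and levenshtein(token, brand) <= max_distance:
                return brand  # typo-squat, e.g. spotfy, tableu
    return None


if __name__ == "__main__":
    print("installer->python events:", flag_events(SAMPLE_EVENTS))
    for h in ("adobe.com", "adobe-reader-download.site", "spotfy.com", "zoo.org"):
        print(h, "->", lookalike_brand(h))
```

    The process-chain rule deliberately keys on the parent being msiexec.exe rather than on a particular file path, since a legitimate installer rarely needs a Python interpreter at all; tune the length floor and edit-distance threshold in lookalike_brand against your own DNS or proxy logs before alerting on it.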

    Other BATLOADER samples analyzed by eSentire contained additional features that allow the malware to establish persistence within corporate networks.

    “Cybercriminals are abusing the Google ad network by buying ad space for popular keywords and related misspellings,” cybersecurity firm Malwarebytes noted in July 2022.
    “BATLOADER has continued to undergo changes and improvements since its first release in 2022. The malware intentionally impersonates other applications that are often found on business networks,” said eSentire.
    Author DeepWeb