The next time you search for a software download on Google, be cautious: the download may bring malware with it, or may exist purely to spread malware that can steal data and encrypt information.
Security analysts from MalwareHunterTeam have discovered a threat actor tracked as DEV-0569 spreading malware dubbed ‘Rhadamanthys’ (Son of Zeus in Greek) by hosting it in Google Ads. The search engine therefore seems to have turned into a hotbed for malicious activity these days, as it is helping threat actors trick people searching for popular software programs such as WinRAR, VLC, TradingView, Awesome Miner, LibreOffice, MS Office, LightShot, and photo editing software.
What is notable about this activity is that the attackers are using classic SEO tactics to poison search engine results, so that pages offering popular software that is not genuine rank well.
Such practices have been prevalent since February 2022, but are only being recognized now, as the number of victims falling prey to such attacks increased by 40% at the end of last year.
Furthermore, the threat actors are not restricting their distribution to software downloading platforms. They are also placing the malware in pop-up ads displayed on screen when users watch pirated TV or movie content. The spread ratio, when fake software downloading platforms are compared with pirated content streaming platforms, is said to be 30% more than the actual.
Researchers believe that DEV-0569 has some link with the Royal Ransomware gang, and the Microsoft Threat Intelligence team prepared a detailed report on the matter and offered it to the Alphabet Inc. subsidiary in December last year.
A mechanism to warn online users about such fraudulent websites is already in place, and Microsoft alerts all Windows users as soon as they come across such malicious URLs.