Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor


A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell.

“The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites,” Zscaler ThreatLabz researchers Roy Tay and Sudeep Singh said.

Read More…