The most prominent thing you will notice while using a web browser or any application is Google Ads. Now, cybercriminals are using malicious Google Ads or SEO poisoning to spread malware, which can lead to financial losses for common users. According to a recent blog post by Secureworks, Counter Threat Unit (CTU) researchers have observed malware called Bumblebee being distributed via Trojanized installers for popular software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
Bumblebee malware is a modular loader, historically distributed primarily through phishing, that has been used to deliver payloads commonly associated with ransomware deployments. Trojanizing installers for software that is particularly topical (e.g., ChatGPT) or software commonly used by remote workers increases the likelihood of new infections, the blog post said.
"One of the Bumblebee samples CTU researchers analyzed was downloaded from http: //appcisco.com/vpncleint/cisco-anyconnect-4_9_0195.msi. On or around February 16, 2023, a threat actor created a fake download page for Cisco AnyConnect Secure Mobility Client v4.x on the appcisco . com domain. An infection chain that began with a malicious Google Ad sent the user to this fake download page via a compromised WordPress site," the post read.
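A defender-side check for the pattern in the quoted report, an installer for well-known software served from a look-alike host, is sketched below as an added example (not code from Secureworks or from this article). The vendor domain list, the proxy log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand -> official download domains; build this from your own software inventory.
OFFICIAL = {
    "cisco": {"cisco.com"},
    "zoom": {"zoom.us", "zoom.com"},
    "citrix": {"citrix.com"},
    "chatgpt": {"openai.com", "chatgpt.com"},
}
INSTALLER_EXT = (".msi", ".exe")

def refang(text):
    """Undo common defanging (stray spaces, [.], hxxp) so the URL can be parsed."""
    text = re.sub(r"\s+", "", text)
    return text.replace("[.]", ".").replace("hxxp", "http")

def registrable(host):
    """Naive registrable domain: last two labels (use a public-suffix list in production)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_download(raw_url):
    """Return the brand named by an installer URL whose host is not the vendor's, else None."""
    url = urlsplit(refang(raw_url))
    host = (url.hostname or "").lower()
    path = url.path.lower()
    if not host or not path.endswith(INSTALLER_EXT):
        return None
    filename = path.rsplit("/", 1)[-1]
    for brand, domains in OFFICIAL.items():
        if (brand in host or brand in filename) and registrable(host) not in domains:
            return brand
    return None

def scan(log_lines):
    """Scan 'timestamp client method url' lines; return (client, brand, host) per hit."""
    hits = []
    for line in log_lines:
        _ts, client, _method, url = line.split(maxsplit=3)
        brand = check_download(url)
        if brand:
            hits.append((client, brand, urlsplit(refang(url)).hostname))
    return hits

# Constructed proxy log lines; the first URL is the one quoted in the article.
SAMPLE_LOG = [
    "2023-02-16T10:02:11Z 10.0.0.5 GET http: //appcisco.com/vpncleint/cisco-anyconnect-4_9_0195.msi",
    "2023-02-16T10:03:40Z 10.0.0.7 GET https://zoom.us/client/latest/ZoomInstaller.exe",
    "2023-02-16T10:05:02Z 10.0.0.9 GET hxxps://chatgpt-setup[.]example/ChatGPT.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not a verdict: legitimate mirrors and resellers also serve vendor installers, so pair it with a signature or hash check on the downloaded file.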
When a user falls victim to Bumblebee malware, the threat actor gains access to their device, leaving all of the victim's crucial details, including banking details and confidential photos and files, vulnerable.
In order to avoid such situations and stay safe, people are advised to make sure they enter websites via legitimate sources and make sure that they do not click on random links or ads. Also, you can install
Read more on tech.hindustantimes.com