Hackers are increasingly using advertising tools and marketing gimmicks to stand out from the crowd, according to new research from HP Wolf Security.
In the world of marketing and advertising, user interaction is one of the key performance indicators, and experts use a variety of tools to see which ads are clicked on more, which ads are ignored, and which ones are ignored. Optimize your messages and campaigns for maximum impact.
Now, hackers are doing the same, according to HP Wolf Security's latest threat insights report. Researchers who observed the DarkGate campaign found that attackers used malicious PDF attachments disguised as his OneDrive error messages to direct users to sponsored content hosted on popular advertising networks. I have confirmed that there is.
Dark Gate Offering
The ultimate goal of this campaign is to deliver DarkGate, a malware first discovered in 2018. DarkGate currently ships with a variety of tools. In general, DarkGate is a loader that allows attackers to deploy more dangerous malware at later stages of a breach. However, some researchers point out that DarkGate can also steal credentials from targeted endpoints and allow remote access.
The researchers further explain that by using advertising services, attackers can also analyze which lures generate the most interest among their targets, allowing them to hone their campaigns and improve their efficiency. Masu.
We also use CAPTCHA tools to prevent sandboxing from scanning for malware and ensure only real humans click on them.
Elsewhere in the report, HP Wolf Security notes that the trend away from macro-enabled Office attacks continues. However, these types of attacks still exist, “particularly when they leverage inexpensive generic malware such as Agent Tesla or XWorm.”
Finally, PDF malware is on the rise, with 11% of malware analyzed in Q4 2023 using PDF to deliver payloads, compared to just 4% in Q1 and Q2 of the same year. %. A notable example, according to the researchers, was the WikiLoader campaign that used fake courier PDFs to trick users into installing the Ursnif malware.