home.social

#malvertizing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #malvertizing, aggregated by home.social.

  1. Brad @[email protected] ·

    2026-05-11 (Monday) #Malvertizing: Another ad in Google search results leads to a page impersonating a Claude download but distributing #macOS #malware. A #pcap of the infection traffic, some of the indicators and associated files are available at malware-traffic-analysis.net/2

    #malvertizing #macos #malware #pcap
  2. Brad @[email protected] ·

    2026-05-11 (Monday) #Malvertizing: Another ad in Google search results leads to a page impersonating a Claude download but distributing #macOS #malware. A #pcap of the infection traffic, some of the indicators and associated files are available at malware-traffic-analysis.net/2

    #malvertizing #macos #malware #pcap
  3. Brad @[email protected] ·

    2026-05-11 (Monday) #Malvertizing: Another ad in Google search results leads to a page impersonating a Claude download but distributing #macOS #malware. A #pcap of the infection traffic, some of the indicators and associated files are available at malware-traffic-analysis.net/2

    #malvertizing #macos #malware #pcap
  4. Brad @[email protected] ·

    2026-05-11 (Monday) #Malvertizing: Another ad in Google search results leads to a page impersonating a Claude download but distributing #macOS #malware. A #pcap of the infection traffic, some of the indicators and associated files are available at malware-traffic-analysis.net/2

    #pcap #malware #macos #malvertizing
  5. Brad @[email protected] ·

    2026-05-11 (Monday) #Malvertizing: Another ad in Google search results leads to a page impersonating a Claude download but distributing #macOS #malware. A #pcap of the infection traffic, some of the indicators and associated files are available at malware-traffic-analysis.net/2

    #malvertizing #macos #malware #pcap
  6. Quad9DNS @[email protected] ·

    The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 quad9.net/news/blog/trends-h2-

    #DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

    #threatintel #dns #infosec #mirai #omnatour #malvertizing
  7. Quad9DNS @[email protected] ·

    The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 quad9.net/news/blog/trends-h2-

    #DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

    #threatintel #dns #infosec #mirai #omnatour #malvertizing
  8. Quad9DNS @[email protected] ·

    The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 quad9.net/news/blog/trends-h2-

    #DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

    #threatintel #dns #infosec #mirai #omnatour #malvertizing
  9. Quad9DNS @[email protected] ·

    The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 quad9.net/news/blog/trends-h2-

    #DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

    #crowdstrike #malvertizing #omnatour #mirai #infosec #dns
  10. Quad9DNS @[email protected] ·

    The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 quad9.net/news/blog/trends-h2-

    #DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

    #threatintel #dns #infosec #mirai #omnatour #malvertizing
  11. Pyrzout :vm: @[email protected] ·

    Lumma Stealer – Tracking distribution channels – Source: securelist.com ciso2ciso.com/lumma-stealer-tr #rssfeedpostgeneratorecho #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Cryptocurrencies #IncidentResponse #Windowsmalware #securelistcom #Trojanstealer #Infostealers #Malvertizing #TIandIRposts #Phishing #Telegram #CAPTCHA #Malware #Trojan #Lumma #SOC

    #rssfeedpostgeneratorecho #malwaredescriptions #malwaretechnologies #cybersecuritynews #cryptocurrencies #incidentresponse
  12. Pyrzout :vm: @[email protected] ·

    Lumma Stealer – Tracking distribution channels – Source: securelist.com ciso2ciso.com/lumma-stealer-tr #rssfeedpostgeneratorecho #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Cryptocurrencies #IncidentResponse #Windowsmalware #securelistcom #Trojanstealer #Infostealers #Malvertizing #TIandIRposts #Phishing #Telegram #CAPTCHA #Malware #Trojan #Lumma #SOC

    #rssfeedpostgeneratorecho #malwaredescriptions #malwaretechnologies #cybersecuritynews #cryptocurrencies #incidentresponse
  13. Pyrzout :vm: @[email protected] ·

    Lumma Stealer – Tracking distribution channels – Source: securelist.com ciso2ciso.com/lumma-stealer-tr #rssfeedpostgeneratorecho #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Cryptocurrencies #IncidentResponse #Windowsmalware #securelistcom #Trojanstealer #Infostealers #Malvertizing #TIandIRposts #Phishing #Telegram #CAPTCHA #Malware #Trojan #Lumma #SOC

    #soc #lumma #trojan #malware #captcha #telegram
  14. Pyrzout :vm: @[email protected] ·

    Lumma Stealer – Tracking distribution channels – Source: securelist.com ciso2ciso.com/lumma-stealer-tr #rssfeedpostgeneratorecho #MalwareDescriptions #MalwareTechnologies #CyberSecurityNews #Cryptocurrencies #IncidentResponse #Windowsmalware #securelistcom #Trojanstealer #Infostealers #Malvertizing #TIandIRposts #Phishing #Telegram #CAPTCHA #Malware #Trojan #Lumma #SOC

    #rssfeedpostgeneratorecho #malwaredescriptions #malwaretechnologies #cybersecuritynews #cryptocurrencies #incidentresponse
  15. TorrentFreak RSS @[email protected] ·

    Pirate Streaming Site Malware Campaign Infected One Million Devices

    torrentfreak.com/pirate-stream

    #streamingsites #malvertizing #microsoft #malware #Piracy

    #streamingsites #malvertizing #microsoft #malware #piracy
  16. TorrentFreak RSS @[email protected] ·

    Pirate Streaming Site Malware Campaign Infected One Million Devices

    torrentfreak.com/pirate-stream

    #streamingsites #malvertizing #microsoft #malware #Piracy

    #streamingsites #malvertizing #microsoft #malware #piracy
  17. TorrentFreak RSS @[email protected] ·

    Pirate Streaming Site Malware Campaign Infected One Million Devices

    torrentfreak.com/pirate-stream

    #streamingsites #malvertizing #microsoft #malware #Piracy

    #streamingsites #malvertizing #microsoft #malware #piracy
  18. TorrentFreak RSS @[email protected] ·

    Pirate Streaming Site Malware Campaign Infected One Million Devices

    torrentfreak.com/pirate-stream

    #streamingsites #malvertizing #microsoft #malware #Piracy

    #piracy #malware #microsoft #malvertizing #streamingsites
  19. TorrentFreak RSS @[email protected] ·

    Pirate Streaming Site Malware Campaign Infected One Million Devices

    torrentfreak.com/pirate-stream

    #streamingsites #malvertizing #microsoft #malware #Piracy

    #streamingsites #malvertizing #microsoft #malware #piracy
  20. Brad @[email protected] ·

    2025-01-22 (Wednesday): Traffic Analysis Exercise: Download from fake software site

    I've posted a traffic analysis exercise based on the same type of #Malvertizing I wrote about for my employer at linkedin.com/posts/unit42_2025 and x.com/Unit42_Intel/status/1882

    Details on that infection are at: github.com/PaloAltoNetworks/Un

    The exercise infection happened on the same day, but it's based on a site impersonating Google Authenticator instead of Microsoft Teams.

    The exercise #pcap is at malware-traffic-analysis.net/2

    #malvertizing #pcap
  21. Brad @[email protected] ·

    2025-01-22 (Wednesday): Traffic Analysis Exercise: Download from fake software site

    I've posted a traffic analysis exercise based on the same type of #Malvertizing I wrote about for my employer at linkedin.com/posts/unit42_2025 and x.com/Unit42_Intel/status/1882

    Details on that infection are at: github.com/PaloAltoNetworks/Un

    The exercise infection happened on the same day, but it's based on a site impersonating Google Authenticator instead of Microsoft Teams.

    The exercise #pcap is at malware-traffic-analysis.net/2

    #malvertizing #pcap
  22. Brad @[email protected] ·

    2025-01-22 (Wednesday): Traffic Analysis Exercise: Download from fake software site

    I've posted a traffic analysis exercise based on the same type of #Malvertizing I wrote about for my employer at linkedin.com/posts/unit42_2025 and x.com/Unit42_Intel/status/1882

    Details on that infection are at: github.com/PaloAltoNetworks/Un

    The exercise infection happened on the same day, but it's based on a site impersonating Google Authenticator instead of Microsoft Teams.

    The exercise #pcap is at malware-traffic-analysis.net/2

    #malvertizing #pcap
  23. Brad @[email protected] ·

    2025-01-22 (Wednesday): Traffic Analysis Exercise: Download from fake software site

    I've posted a traffic analysis exercise based on the same type of #Malvertizing I wrote about for my employer at linkedin.com/posts/unit42_2025 and x.com/Unit42_Intel/status/1882

    Details on that infection are at: github.com/PaloAltoNetworks/Un

    The exercise infection happened on the same day, but it's based on a site impersonating Google Authenticator instead of Microsoft Teams.

    The exercise #pcap is at malware-traffic-analysis.net/2

    #pcap #malvertizing
  24. Brad @[email protected] ·

    2025-01-22 (Wednesday): Traffic Analysis Exercise: Download from fake software site

    I've posted a traffic analysis exercise based on the same type of #Malvertizing I wrote about for my employer at linkedin.com/posts/unit42_2025 and x.com/Unit42_Intel/status/1882

    Details on that infection are at: github.com/PaloAltoNetworks/Un

    The exercise infection happened on the same day, but it's based on a site impersonating Google Authenticator instead of Microsoft Teams.

    The exercise #pcap is at malware-traffic-analysis.net/2

    #malvertizing #pcap
  25. Colin Cowie @[email protected] ·

    Sophos has observed new IcedID #malvertizing campaigns themed around adobe & other popular software packages

    🧊​ Infection Chain:

    ➡️​ Google search for "adobe reader"
    ↪️​ Google ad click
    ↪️​ TDS redirect: `likhs299us[.]tech`
    🎣​ Fake website: vvw-adobe[.]top
    ↪️​ Download of malware from firebase (.zip containing a .iso)
    🗄️​ Setup_Win_<timestamp>.zip / Setup_Win_<timestamp>.iso

    #IcedID C2: plivetrakoy[.]com

    #IOCs:
    🔗​ virustotal.com/gui/file/be9ac5
    🔗​ virustotal.com/gui/ip-address/
    #ThreatIntel #Malware #CTI

    #malvertizing #icedid #iocs #threatintel #malware #cti
  26. Colin Cowie @[email protected] ·

    Sophos has observed new IcedID #malvertizing campaigns themed around adobe & other popular software packages

    🧊​ Infection Chain:

    ➡️​ Google search for "adobe reader"
    ↪️​ Google ad click
    ↪️​ TDS redirect: `likhs299us[.]tech`
    🎣​ Fake website: vvw-adobe[.]top
    ↪️​ Download of malware from firebase (.zip containing a .iso)
    🗄️​ Setup_Win_<timestamp>.zip / Setup_Win_<timestamp>.iso

    #IcedID C2: plivetrakoy[.]com

    #IOCs:
    🔗​ virustotal.com/gui/file/be9ac5
    🔗​ virustotal.com/gui/ip-address/
    #ThreatIntel #Malware #CTI

    #malvertizing #icedid #iocs #threatintel #malware #cti
  27. Colin Cowie @[email protected] ·

    Sophos has observed new IcedID #malvertizing campaigns themed around adobe & other popular software packages

    🧊​ Infection Chain:

    ➡️​ Google search for "adobe reader"
    ↪️​ Google ad click
    ↪️​ TDS redirect: `likhs299us[.]tech`
    🎣​ Fake website: vvw-adobe[.]top
    ↪️​ Download of malware from firebase (.zip containing a .iso)
    🗄️​ Setup_Win_<timestamp>.zip / Setup_Win_<timestamp>.iso

    #IcedID C2: plivetrakoy[.]com

    #IOCs:
    🔗​ virustotal.com/gui/file/be9ac5
    🔗​ virustotal.com/gui/ip-address/
    #ThreatIntel #Malware #CTI

    #malvertizing #icedid #iocs #threatintel #malware #cti
  28. Colin Cowie @[email protected] ·

    Sophos has observed new IcedID #malvertizing campaigns themed around adobe & other popular software packages

    🧊​ Infection Chain:

    ➡️​ Google search for "adobe reader"
    ↪️​ Google ad click
    ↪️​ TDS redirect: `likhs299us[.]tech`
    🎣​ Fake website: vvw-adobe[.]top
    ↪️​ Download of malware from firebase (.zip containing a .iso)
    🗄️​ Setup_Win_<timestamp>.zip / Setup_Win_<timestamp>.iso

    #IcedID C2: plivetrakoy[.]com

    #IOCs:
    🔗​ virustotal.com/gui/file/be9ac5
    🔗​ virustotal.com/gui/ip-address/
    #ThreatIntel #Malware #CTI

    #cti #malware #threatintel #iocs #icedid #malvertizing
  29. Colin Cowie @[email protected] ·

    Sophos has observed new IcedID #malvertizing campaigns themed around adobe & other popular software packages

    🧊​ Infection Chain:

    ➡️​ Google search for "adobe reader"
    ↪️​ Google ad click
    ↪️​ TDS redirect: `likhs299us[.]tech`
    🎣​ Fake website: vvw-adobe[.]top
    ↪️​ Download of malware from firebase (.zip containing a .iso)
    🗄️​ Setup_Win_<timestamp>.zip / Setup_Win_<timestamp>.iso

    #IcedID C2: plivetrakoy[.]com

    #IOCs:
    🔗​ virustotal.com/gui/file/be9ac5
    🔗​ virustotal.com/gui/ip-address/
    #ThreatIntel #Malware #CTI

    #malvertizing #icedid #iocs #threatintel #malware #cti
  30. bencrypted@localhost:~$| @[email protected] ·

    Sophos has observed new #IcedID activity stemming from malvertizing.

    Infection Chain:
    ➡️ Google search for “slack”
    ↪️ Malicious ad click #malvertizing
    ↪️ Redirect 1: dasaert[.]fun/slack/index[.]php
    ↪️ Redirect 2: www-slack[.]top/downloads/windows/ (Registrar: AS29470 🇷🇺)
    ➡️ Download: setup_win_13-12-2022_17-15-46.zip, which contained the file setup_win_13-12-2022_17-15-46.msi

    Rundll32 was then invoked, referencing a DLL staged under %APPDATA%\Local\Temp\tmp*.dll

    Connections initiated with the C2 server: 143.198.92[.]88 (resolving to domain estrabornhot[.]com)

    Seemingly related lure sites can be found via URLScan - urlscan.io/search/#www-*.top

    #icedid #malvertizing
  31. bencrypted@localhost:~$| @[email protected] ·

    Sophos has observed new #IcedID activity stemming from malvertizing.

    Infection Chain:
    ➡️ Google search for “slack”
    ↪️ Malicious ad click #malvertizing
    ↪️ Redirect 1: dasaert[.]fun/slack/index[.]php
    ↪️ Redirect 2: www-slack[.]top/downloads/windows/ (Registrar: AS29470 🇷🇺)
    ➡️ Download: setup_win_13-12-2022_17-15-46.zip, which contained the file setup_win_13-12-2022_17-15-46.msi

    Rundll32 was then invoked, referencing a DLL staged under %APPDATA%\Local\Temp\tmp*.dll

    Connections initiated with the C2 server: 143.198.92[.]88 (resolving to domain estrabornhot[.]com)

    Seemingly related lure sites can be found via URLScan - urlscan.io/search/#www-*.top

    #icedid #malvertizing
  32. bencrypted@localhost:~$| @[email protected] ·

    Sophos has observed new #IcedID activity stemming from malvertizing.

    Infection Chain:
    ➡️ Google search for “slack”
    ↪️ Malicious ad click #malvertizing
    ↪️ Redirect 1: dasaert[.]fun/slack/index[.]php
    ↪️ Redirect 2: www-slack[.]top/downloads/windows/ (Registrar: AS29470 🇷🇺)
    ➡️ Download: setup_win_13-12-2022_17-15-46.zip, which contained the file setup_win_13-12-2022_17-15-46.msi

    Rundll32 was then invoked, referencing a DLL staged under %APPDATA%\Local\Temp\tmp*.dll

    Connections initiated with the C2 server: 143.198.92[.]88 (resolving to domain estrabornhot[.]com)

    Seemingly related lure sites can be found via URLScan - urlscan.io/search/#www-*.top

    #icedid #malvertizing
  33. bencrypted@localhost:~$| @[email protected] ·

    Sophos has observed new #IcedID activity stemming from malvertizing.

    Infection Chain:
    ➡️ Google search for “slack”
    ↪️ Malicious ad click #malvertizing
    ↪️ Redirect 1: dasaert[.]fun/slack/index[.]php
    ↪️ Redirect 2: www-slack[.]top/downloads/windows/ (Registrar: AS29470 🇷🇺)
    ➡️ Download: setup_win_13-12-2022_17-15-46.zip, which contained the file setup_win_13-12-2022_17-15-46.msi

    Rundll32 was then invoked, referencing a DLL staged under %APPDATA%\Local\Temp\tmp*.dll

    Connections initiated with the C2 server: 143.198.92[.]88 (resolving to domain estrabornhot[.]com)

    Seemingly related lure sites can be found via URLScan - urlscan.io/search/#www-*.top

    #malvertizing #icedid
  34. bencrypted@localhost:~$| @[email protected] ·

    Sophos has observed new #IcedID activity stemming from malvertizing.

    Infection Chain:
    ➡️ Google search for “slack”
    ↪️ Malicious ad click #malvertizing
    ↪️ Redirect 1: dasaert[.]fun/slack/index[.]php
    ↪️ Redirect 2: www-slack[.]top/downloads/windows/ (Registrar: AS29470 🇷🇺)
    ➡️ Download: setup_win_13-12-2022_17-15-46.zip, which contained the file setup_win_13-12-2022_17-15-46.msi

    Rundll32 was then invoked, referencing a DLL staged under %APPDATA%\Local\Temp\tmp*.dll

    Connections initiated with the C2 server: 143.198.92[.]88 (resolving to domain estrabornhot[.]com)

    Seemingly related lure sites can be found via URLScan - urlscan.io/search/#www-*.top

    #icedid #malvertizing