Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Malicious Google Ads found promoting a fake IP scanner that just wants to steal your data

Ransomware .

Security researchers have spotted another malicious advertising campaign in Google Ads that sees hackers impersonating multiple legitimate software companies. 

While definitely not the first of its kind, this campaign was said to be unique for distributing a sophisticated Windows backdoor.

The campaign was first spotted by cybersecurity researchers from Zscaler Threat labs, who noted between November 2023, and March 2024, unidentified threat actors registered at least 45 domains. All of them were typosquatted versions of port scanning and IT management software companies, such as Advanced IP Scanner, Angry IP Scanner, IP scanner PRTG, and ManageEngine.

New malware

Then, they somehow managed to create an ad campaign on Google Ads to promote these sites. Usually, hackers would do it by obtaining access to a legitimate Google Ads account, possibly one with a proven track record of “clean” ads. 

Consequently, whoever would search for this type of software on Google would be presented with these ads in the top of the search engine results page, as well as in other locations reserved for ads. Those who would open the site, and download the programs offered there, would end up getting the MadMxShell backdoor.

This backdoor, The Hacker News reports, is a brand new piece of malware. Its infection chain is relatively long, and includes multiple DLL and EXE files. 

"The backdoor uses techniques such as multiple stages of DLL side-loading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively," the researchers explained.

"In addition, the backdoor uses evasive techniques like anti-dumping to prevent memory analysis and hinder forensics security solutions."

So far, the researchers don’t know who the attackers are, or what their motives for the campaign might be. A backdoor has numerous use cases, from data theft and espionage, to unauthorized access, setting up persistence, and even remote control.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.