LOBSHOT malware

New LOBSHOT malware gives hackers hidden VNC access to Windows devices

@ndma 02 May 2023

Threat Actor

TA505

Clop ransomware gang.

Description

A new malware known as ‘LOBSHOT’, distributed through Google ads, allows threat actors to stealthily take over infected Windows devices using hVNC (hidden VNC).

Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results.

These advertising campaigns impersonated websites for 7-ZIP, VLC, OBS, Notepad++, CCleaner, TradingView, Rufus, and many more applications.

In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.

These ads promoted the legitimate AnyDesk remote management software but led to a fake AnyDesk site at amydeecke[.]website.

Reference

https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware

https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/
