LOBSHOT malware
New LOBSHOT malware gives hackers hidden VNC access to Windows devices
Last updated
New LOBSHOT malware gives hackers hidden VNC access to Windows devices
Last updated
@ndma 02 May 2023
TA505
Clop ransomware gang.
A new malware known as ‘LOBSHOT’ distributed using Google ads allows threat actors to stealthily take over infected Windows devices using hVNC.
Earlier this year, BleepingComputer and numerous cybersecurity researchers reported a dramatic increase in threat actors utilizing Google ads to distribute malware in search results.
These advertising campaigns impersonated websites for 7-ZIP, VLC, OBS, Notepad++, CCleaner, TradingView, Rufus, and many more applications.
In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.
These ads promoted the legitimate AnyDesk remote management software but led to a fake AnyDesk site at amydeecke[.]website.
Reference
https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware https://www.bleepingcomputer.com/news/security/new-lobshot-malware-gives-hackers-hidden-vnc-access-to-windows-devices/