Monday, December 16, 2024

Hackers Abuse Google Advertisements to Attack Graphic Design Professionals


Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals. The actor has launched at least 10 malvertising campaigns hosted on two specific IP addresses: 185.11.61[.]243 and 185.147.124[.]110. When clicked, these malicious ads redirect users to websites that trigger malicious downloads.

Two IP addresses, 185.11.61.243 and 185.147.124.110, have been linked to a malicious graphic design/CAD malvertising campaign. The first IP address has been active since July 29, 2024, and currently hosts 109 unique domains.

Screenshot of domains mapped to 185.11.61[.]243

The second IP address was activated more recently, on November 25, 2024, and currently hosts 85 unique domains, which are being used to distribute malicious payloads, likely through compromised websites and advertisements.

A malvertising campaign, initiated on November 13, 2024, used frecadsolutions[.]com, hosted on 185.11.61[.]243.

Subsequently, on November 14, 2024, the same campaign launched on frecadsolutions[.]cc, leveraging Bitbucket for malicious downloads.

On November 26, 2024, a new campaign emerged on freecad-solutions[.]net, initially hosted on 185.11.61[.]243 and later migrating to 185.147.124[.]110, which linked to the IP address 185.11.61[.]243, indicating a coordinated effort to distribute malware through deceptive advertisements.

A third malvertising campaign was launched on freecad-solutions[.]net

On November 27, 2024, a series of malvertising campaigns commenced, during which the domains frecadsolutions.org and rhino3dsolutions.io, previously hosted on 185.11.61.243, were migrated to 185.147.124.110.

By taking advantage of vulnerabilities in ad networks, these malicious domains were able to redirect users to malicious websites, which could potentially compromise systems with malware.

Recent malvertising campaigns have leveraged multiple domains and IP addresses. Malicious activity began on November 17th with rhino3dsolutions[.]web hosted on 185.11.61[.]243.

The ninth malvertising campaign was launched with onshape3d[.]org

The domain was then migrated to 185.147.124[.]110 on November 26th, launching a new malvertising campaign.

Subsequently, planner5design[.]web, hosted on the same IP address from December 1st to 6th, initiated two separate malvertising campaigns.

More recently, on December 9th, onshape3d.org, which has also been hosted on 185.147.124.110 since the 1st of December, initiated its own malvertising campaign.

A tenth malvertising campaign was launched with frecad3dmodeling[.]org

On December 8, 2024, a malicious actor hosted the frecad3dmodeling[.]org domain on the IP address 185.147.124[.]110, which was subsequently used in a malvertising campaign launched on December 10, 2024.

According to Silent Push, to deliver malicious payloads to users who were unaware of the campaign's intentions, vulnerabilities in web browsers or ad networks were likely exploited.

The provided list includes IP addresses and domains associated with a malicious advertising infrastructure, which, likely controlled by a threat actor, leverages these resources to distribute harmful advertisements.

These ads can potentially lead to malware infections, phishing attacks, or other cyber threats.

Organizations and individuals are advised to exercise caution when interacting with content from these sources and implement robust security measures to mitigate risks.
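
One way to act on these indicators, as an added example that is not from the article or from Silent Push: it refangs the indicators as the article prints them and checks DNS log lines both by domain and by resolved IP, since the article describes domains moving between the two addresses. The log layout, the sample lines and every function name are assumptions made for this example.

```python
import ipaddress
import re

# Indicators as printed in the article, defanged where the article defangs them.
ARTICLE_IPS = ["185.11.61[.]243", "185.147.124[.]110"]
ARTICLE_DOMAINS = ["frecadsolutions[.]com", "frecadsolutions[.]cc", "frecadsolutions.org",
                   "freecad-solutions[.]net", "rhino3dsolutions.io", "onshape3d[.]org",
                   "frecad3dmodeling[.]org"]

def refang(indicator):
    """Turn 'a[.]b', 'a(.)b' or 'a[dot]b' into a matchable lowercase 'a.b'."""
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", indicator.strip().lower()).rstrip(".")

BAD_IPS = {ipaddress.ip_address(refang(i)) for i in ARTICLE_IPS}
BAD_DOMAINS = {refang(d) for d in ARTICLE_DOMAINS}

def match_domain(qname):
    """True if qname is a listed domain or a subdomain of one (label-wise, not substring)."""
    labels = refang(qname).split(".")
    return any(".".join(labels[i:]) in BAD_DOMAINS for i in range(len(labels)))

def match_ip(answer):
    """True if the DNS answer is one of the two hosting IPs; non-IP answers never match."""
    try:
        return ipaddress.ip_address(answer) in BAD_IPS
    except ValueError:
        return False

def triage(log_lines):
    """Yield (line, reasons) for lines shaped '<timestamp> <client> <qname> <answer>'."""
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        reasons = [name for name, hit in (("domain", match_domain(parts[2])),
                                          ("ip", match_ip(parts[3]))) if hit]
        if reasons:
            yield line, reasons

# Constructed sample DNS log lines (not real telemetry); the .example names are made up.
SAMPLE = [
    "2024-12-10T09:01:02Z 10.0.0.5 www.frecad3dmodeling.org 185.147.124.110",
    "2024-12-10T09:01:07Z 10.0.0.8 unlisted-cad.example 185.11.61.243",
    "2024-12-10T09:02:11Z 10.0.0.5 intranet.example.org 203.0.113.10",
    "2024-12-10T09:03:00Z 10.0.0.9 frecadsolutions.cc -",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("+".join(reasons), "|", line)
```

The second sample line is flagged on the resolved IP alone, which is how a domain that is hosted on either address but not named in the article would still surface.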
