Threat actors have been distributing the FatalRAT malware in a new Google Ads campaign impersonating Google Chrome, WhatsApp, Skype, and other applications, reports The Hacker News.
All of the ads leveraged in the FatalRAT campaign have already been removed but not before it was able to lure victims into downloading malicious software from legitimate-looking websites with typosquatted domains, according to an ESET report.
Most of the campaign's victims are from Taiwan, China, Hong Kong, Malaysia, and Japan. Downloading and executing the malicious software triggers a loader that would then prompt FatalRAT deployment.
Systems compromised with FatalRAT could be completely controlled by attackers, enabling arbitrary shell command execution, file execution, web browser data exfiltration, and keystroke capturing.
"The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible. The fake websites are, in most cases, identical copies of the legitimate sites," said researchers.