Malware, Threat Intelligence

Malicious Google ads for messaging apps leveraged for malware distribution

Malicious Google ads for Telegram, LINE, and other messaging apps banned in China have been used in a malvertising campaign against Chinese-speaking users, reports The Hacker News. The campaign is part of a series of attacks that involved fraudulent WhatsApp and Telegram ads aimed at Hong Kong-based users in October. Malwarebytes researchers discovered that clicking on the fake ads, which were linked to Nigeria-based Ringier Media Nigeria Limited and Interactive Communication Team Limited, redirected users to Google-hosted sites that allowed the deployment of the Gh0st RAT and PlugX trojans. "It also appears that the threat actor privileges quantity over quality by constantly pushing new payloads and infrastructure as command-and-control," said Malwarebytes researcher Jerome Segura.

The campaign comes amid the increased targeting of Microsoft 365 users with the Greatness phishing-as-a-service platform, as reported by Trustwave SpiderLabs researchers. "The number of victims is unknown at this time, but Greatness is widely used and well-supported, with its own Telegram community providing information on how to operate the kit, along with additional tips and tricks," said Trustwave.
