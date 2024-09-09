Phishing, Threat Intelligence, Identity

Malvertising campaign targets Lowe’s employees

Share

Malicious Google ads have been leveraged by threat actors to target employees of U.S. home improvement retail chain Lowe's as part of a new malvertising campaign, Cybernews reports.

Attacks involved the creation of several ads redirecting to spoofed versions of Lowe's MyLowesLife employee portal in a bid to compromise credentials from current and former workers, according to a report from Malwarebytes Labs. Threat actors also sought to evade hosting provider and domain registrar detection by using artificial intelligence-generated templates to establish the phishing sites. After seeking targets to input their sales numbers and passwords that are later exfiltrated, such phishing sites prompt users to answer a security question before redirecting to the legitimate MyLowesLife website that will ask for another login, said Malwarebytes researchers. Google has since removed the malicious ads, noted researchers, who urged all workers looking to use their respective employee portals to search their company's official website or bookmark the portal rather than using sponsored search results.

Related

Ongoing Lazarus Group campaign sets sights on blockchain pros

Attacks spreading the credential- and cryptocurrency wallet asset-stealing BeaverTail malware variant that delivers that information-stealing Python-based InvisibleFerret backdoor were initially conducted by Lazarus Group via fake job offers that dupe targets into executing a malicious Node.js project.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.