Threat actors have been distributing the Mars Stealer malware through Google Ads, according to The Hacker News.
Initially discovered last June, the Oski Stealer-based Mars Stealer has been continuously developed and spread through social engineering campaigns, cracked software, malspam campaigns, and keygens, wrote Morphisec malware researcher Arnold Osipov.
The report detailed that while spam emails carrying compressed executables, document payloads, or download links are the prevalent means of distributing Mars Stealer, malicious actors have also been using spoofed websites advertising widely used software, pushed through Google Ads.
This technique uses targeted advertisements to redirect victims to a malicious site, which then allows deployment of the malware. Mars Stealer can harvest and exfiltrate browser autofill data, browser extension details, and credit card information. Researchers were able to link the campaign to a Russian speaker after the attackers accidentally compromised their own machine.
"Infostealers offer an accessible entry point to criminal activity," wrote Osipov.