More threat actors have been distributing malware through fraudulent websites of widely used software products that are being promoted by exploiting the Google Ads platform, according to BleepingComputer. Malwarebytes, Grammarly, Slack, MSI Afterburner, Dashlane, AnyDesk, Audacity, Brave, Thunderbird, Teamviewer, Libre Office, Ring, OBS, and Torrent had their websites cloned by attackers to facilitate the distribution of trojanized software versions, which deploy Raccoon Stealer variants, a custom Vidar Stealer version, and the IcedID malware loader, a report from Guardio Labs revealed. Attackers have exploited Google Ads to make the fraudulent sites evade automated checks implemented by Google. Victims of the scheme have been lured by threat actors to click on an ad redirected to an irrelevant site that further redirects them to a malicious site masquerading as those belonging to the software products. "Those rogue sites are practically invisible to visitors not reaching from the real promotional flow showing up as benign, unrelated sites to crawlers, bots, occasional visitors, and of course for Googles policy enforcers," said Guardio Labs.