Thursday September 19, 2024

Advisory ID: NCC-CSIRT-080523-021

Summary: Cybersecurity researchers from Elastic Security Labs discovered a new malware, 'LOBSHOT', distributed using Google ads in search results. The malware allows threat actors to stealthily take over infected Windows devices.

Vulnerable Platform(s): Google Ads

Threat Type: Malware

Impact/Probability: CRITICAL/HIGH

Product: Windows Devices

Version: All Versions

Description: According to the researchers, threat actors distributed the LOBSHOT malware strains using an elaborate scheme of fake websites promoted through Google Ads. Users download what they believe to be legitimate installers for genuine software applications. Once the installer is initiated, the compromised system is backdoored (a backdoor is a feature or defect of a computer system that allows secret unauthorized access to data), and malware is installed without the victim’s knowledge.
The malware remains hidden on the compromised Windows devices while still being capable of stealing sensitive information from the victim by using Hidden Virtual Network Computing (hVNC).

Consequences: Full remote control of the compromised Windows devices.

Solution:

  • Users should be wary of promoted Google ads.
  • When online, always compare the website promoted by a Google ad against the legitimate website distributing the genuine software.