Hackers Exploit Google Ads for Malware Delivery, Researchers Warn
Cybersecurity experts have identified a sophisticated malware campaign leveraging Google's ad infrastructure. Attackers disguise malicious links within seemingly legitimate Google ads, redirecting victims to infection chains that operate largely in memory, leaving minimal traces. This tactic exploits the trust placed in Google's ad domains, bypassing many security filters.
Key points
- Researchers from Huntress have detailed a malware campaign using Google's ad systems for delivery.
- The attack begins with spam emails containing HTML attachments that redirect victims through ad.doubleclick.net.
- This method bypasses many security filters due to the trusted nature of Google's ad domains.
- The malware dynamically rebuilds fake company pages using live logos and executes largely in system memory.
- The campaign's stealthy, in-memory execution aims to evade detection by security software.
A new malware campaign is reportedly using Google's own advertising infrastructure as a conduit for malicious activity, according to cybersecurity researchers.
The operation, as detailed by Huntress researchers, begins with spam emails containing HTML attachments. These attachments are designed to redirect unsuspecting users towards a multi-stage infection chain. Crucially, this redirection process initially passes through ad.doubleclick.net, a domain owned and widely trusted by Google for advertising and tracking.
This exploitation of a legitimate, high-trust domain is significant because many email security gateways and web filtering systems are configured to scrutinize traffic less rigorously when it originates from known Google ad servers. The malware chain itself is designed to be highly evasive. It dynamically reconstructs fake company landing pages using real logos scraped from the internet and executes its malicious payload almost entirely within the computer's memory, aiming to leave minimal forensic evidence and evade traditional detection methods.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.