Abstract

Sometimes you might be browsing the Internet and come across an advertisement for free downloads of Windows applications. Obviously, this is too good to be true, and hackers tend to exploit advertisements to spread their influence across devices. Malvertising is used to deliver various types of threats, all of which can cause considerable harm to unprepared businesses.

The particular malvertisement threat in question is a new campaign targeting users in Canada, the United States, Europe, Australia, and Nigeria, and it aims to steal information like usernames, passwords, and other sensitive credentials.

ZDNet reports that this new malvertising campaign, called Magnat by Cisco Talos, spreads a malicious browser extension using Trojan malware, providing a backdoor entrance to the user’s device. This new, as-yet-undocumented threat appears to have been custom-built over the past several years. Other malware used in this campaign includes a password stealer, which is installed on the user’s device through the backdoor.

The browser extension (also a keylogger) and the password stealer are standard fare for threats, but the backdoor, called MagnatBackdoor, is a special type that allows attackers to gain remote control over a PC without detection. It also adds a new user to the device and installs keyloggers, as well as other malware, that enable the attacker to steal sensitive information. Researchers believe that the threat works like a banking trojan, with the primary aim being to steal credentials for individual sale on the Dark Web. Of course, the credentials could also be used by the attackers themselves.

This malware is distributed primarily through advertisements that link to malicious file downloads, with the big kicker being that these adverts promote popular software applications. While there is reason to be concerned about this campaign, it’s also important to know that it’s nothing new. These threats are commonplace, and security researchers, as well as security professionals in the field like ourselves, fully understand how to keep your devices as safe as possible.

NetMGM wants to help your business keep itself safe from these types of threats (and more). If you need some pointers on how to keep your employees from clicking on these advertisements, we can provide training, as well! To learn more, reach out to us at 888-748-2525.

ABOUT THE AUTHOR

Ads Can Carry Malicious Code

Rafiq Masri

With over 25 years of experience in Information Technology, Rafiq is one of the most accomplished, versatile and certified engineers in the field. He has spent the past 2 ½ decades administering and supporting a wide range of clients and has helped position Network Management, Inc. as a leader in the IT Managed Services space.

Rafiq has built a reputation for designing, building and supporting top-notch IT infrastructures to match the business objectives and goals of his clients.

Embracing the core values of integrity, innovation, and reliability, Rafiq has a very loyal client base with some customer relationships dating back 20+ years.

Rafiq holds a bachelor’s degree in Mechanical Engineering from the University of Michigan and has completed graduate programs in Software Engineering and Business at Harvard and George Mason University. Rafiq is a former founder and CEO of Automation, Inc. in Ann Arbor, Michigan as well as a valued speaker on entrepreneurship and technology at industry events such as ExpoTech and others.