Hackers are increasingly using ad tools and marketing gimmicks to sell their work

Turns out criminals also want to know who interacts with their copy

Hackers are increasingly using ad tools and marketing gimmicks to try and stand out from the crowd, new research from HP Wolf Security has claimed.

In the marketing and advertising world, user interaction is one of the key performance indicators, and professionals use different tools to see which ads people click on more, and which ads they ignore - allowing them to optimize their messages and campaigns for maximum impact.

Now, according to HP Wolf Security’s latest Threat Insights Report, hackers are doing something similar. Observing the DarkGate campaign, the researchers saw threat actors using malicious PDF attachments, posing as OneDrive error messages, which direct users to sponsored content hosted on popular ad networks.

Delivering DarkGate

The end-goal for this campaign is to deliver DarkGate, a piece of malware first spotted in 2018, that now comes with a wide variety of tools. Generally speaking, DarkGate is a loader, allowing threat actors to deploy more dangerous malware in later stages of the compromise. However, some researchers pointed out that DarkGate is also capable of stealing credentials from the target endpoints, and granting remote access.

By using ad services, the researchers further explain, threat actors can also analyze which of their lures generate the most interest among their targets, helping them hone their campaigns and improve their efficiency.

They’re also using CAPTCHA tools, preventing sandboxes from scanning their malware and making sure only actual humans click.

Elsewhere in the report, HP Wolf Security says the trend of moving away from macro-enabled Office attacks is still ongoing. However, this type of attack still has its place, “particularly for attacks leveraging cheap commodity malware like Agent Tesla and XWorm”.

Finally, PDF malware is on the rise, with 11% of malware analyzed in Q4 2023 using PDFs to deliver the payload, up from just 4% in Q1 and Q2 of the same year. A notable example, the researchers said, was a WikiLoader campaign using a fake parcel delivery PDF to trick users into installing Ursnif malware.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
