Malicious Google Ads found promoting a fake IP scanner that just wants to steal your data

Security researchers find more malware hiding behind bad ads

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Security researchers have spotted another malicious advertising campaign inGoogleAds that sees hackers impersonating multiple legitimate software companies.

While definitely not the first of its kind, this campaign was said to be unique for distributing a sophisticated Windows backdoor.

The campaign was first spotted by cybersecurity researchers from Zscaler Threat labs, who noted between November 2023, and March 2024, unidentified threat actors registered at least 45 domains. All of them were typosquatted versions of port scanning and IT management software companies, such as Advanced IP Scanner, Angry IP Scanner, IP scanner PRTG, and ManageEngine.

New malware

Then, they somehow managed to create an ad campaign on Google Ads to promote these sites. Usually, hackers would do it by obtaining access to a legitimate Google Ads account, possibly one with a proven track record of “clean” ads.

Consequently, whoever would search for this type of software on Google would be presented with these ads in the top of the search engine results page, as well as in other locations reserved for ads. Those who would open the site, and download the programs offered there, would end up getting the MadMxShell backdoor.

This backdoor,The Hacker Newsreports, is a brand new piece ofmalware. Its infection chain is relatively long, and includes multiple DLL and EXE files.

“The backdoor uses techniques such as multiple stages of DLL side-loading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively,” the researchers explained.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“In addition, the backdoor uses evasive techniques like anti-dumping to prevent memory analysis and hinder forensics security solutions.”

So far, the researchers don’t know who the attackers are, or what their motives for the campaign might be. A backdoor has numerous use cases, from data theft and espionage, to unauthorized access, setting up persistence, and even remote control.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case