MadMxShell Exploit: Malvertising Campaign Hijacks Google Ads to Deploy Windows Backdoor
April 19, 2024
A malvertising campaign dubbed MadMxShell is exploiting Google Ads to push fake websites, delivering a Windows backdoor zero-day exploit.
The campaign is the first recorded instance of a Windows backdoor being successfully deployed via malvertising.
MadMxShell can manipulate files, collect system data, and execute commands, and it uses evasion techniques.
The operation began in June 2023, posing a serious risk to cybersecurity.
The perpetrator is active on criminal forums, hinting at plans for a sustained malvertising operation.
The campaign exploits Google Ads threshold accounts to defer payment until a set limit is reached, enabling prolonged malicious ad runs.
Summary based on 2 sources
Sources
The Hacker News • Apr 18, 2024
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
OODA Loop • Apr 18, 2024
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor