Recent analysis by Malwarebytes highlights how threat actors continue to use malvertising in various ways to spread malware. In a blog post, Malwarebytes describes a recently observed advertising campaign that directs victims to download a new loader labeled Invalid Printer, which later delivers Aurora malware as its payload. The attack begins when a user clicks on a potentially risky ad, which redirects them to a full-screen browser window mimicking a Windows security update. The file the user downloads, Invalid Printer, appears to be unique to this threat actor, as researchers have only recently identified it and begun to detect it. If the victim makes it this far, Aurora spyware is dropped.
To protect against malvertising, members are encouraged to review CISA’s Capacity Enhancement Guide: Securing Web Browsers and Defending Against Malvertising for Non-Federal Organizations. Read more at Malwarebytes.