Attackers Use a Poisoned Google Search to Target Chinese-speaking Individuals

A new malicious campaign has been discovered that promotes malicious websites and fake installers by using tainted Google Search results. The campaign delivers FatalRAT and primarily targets Chinese-speaking people in East and Southeast Asia. The IOCs of the threat activities did not correspond to any previously identified threat group.
According to telemetry data collected by ESET researchers, the campaign began in May 2022 and lasted until January 2023. The most targeted victims were found in China, Hong Kong, and Taiwan, with attacks also occurring in Thailand, Singapore, Indonesia, the Philippines, Japan, Malaysia, and Myanmar. Attackers promoted their rogue websites hosting trojanized installers via Google paid advertisements. These advertisements have now been removed.
 
To host the malicious websites, the attackers registered several typosquatting domains that imitate legitimate ones (such as telegraem[.]org for telegram[.]org). These bogus domains host websites that look exactly like the real ones, and they all point to the same IP address. This IP address is associated with a server that hosts multiple fake websites and tainted installers, as well as actual installers and the FatalRAT loader.
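
A defender can hunt for this pattern in DNS or proxy logs by flagging domains within a small edit distance of protected names and grouping the hits by resolved IP. The sketch below is an added example, not code from the article or from ESET; the watchlist entries other than telegram.org, the sample records (apart from telegraem.org), the IP addresses and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Legitimate domains to protect. telegram.org is named in the article;
# the other two are assumed watchlist entries.
WATCHLIST = ["telegram.org", "signal.org", "whatsapp.com"]

# Constructed passive-DNS style records (domain, resolved IP).
# IPs come from the RFC 5737 documentation ranges.
SAMPLE_RECORDS = [
    ("telegraem.org", "203.0.113.10"),   # lookalike named in the article
    ("telegram.org", "198.51.100.5"),    # the legitimate domain itself
    ("signnal.org", "203.0.113.10"),     # constructed lookalike
    ("whatsaap.com", "203.0.113.10"),    # constructed lookalike
    ("example.net", "192.0.2.44"),       # unrelated domain
]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_of(domain, watchlist=WATCHLIST, max_distance=2):
    """Return the protected domain this one imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in watchlist:
        return None  # exact match is the real site, not a lookalike
    best = min(watchlist, key=lambda w: osa_distance(domain, w))
    return best if osa_distance(domain, best) <= max_distance else None

def cluster_by_ip(records, min_domains=2):
    """Group lookalike hits by IP; shared hosting of several is the signal."""
    clusters = defaultdict(dict)
    for domain, ip in records:
        target = lookalike_of(domain)
        if target:
            clusters[ip][domain] = target
    return {ip: hits for ip, hits in clusters.items() if len(hits) >= min_domains}
```

A single IP address serving lookalikes of several unrelated brands matches the infrastructure described above and is a stronger lead than any one near-miss domain on its own.
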
Since Chinese language versions of genuine software applications are not available in China, the websites and installers are disguised. Telegram, LINE, WhatsApp, Signal, Skype, Google Chrome, Mozilla Firefox, WPS Office, E

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
