Cyber criminals are using online adverts for fake versions of popular software to trick users into downloading three forms of malware – including a malicious browser extension with the same capabilities as trojan malware – that provide attackers with usernames and passwords, as well as backdoor remote access to infected Windows PCs.
The attacks, which distribute two forms of seemingly undocumented custom-developed malware, have been detailed by cybersecurity researchers at Cisco Talos who’ve named the campaign ‘magnat’. It appears the campaign has been operating in some capacity since 2018 and the malware has been in continuous development.
Over half of the victims are in Canada, but there have also been victims around the world, including in the United States, Europe, Australia and Nigeria.
Researchers believe the malware is delivered via malvertising – malicious online adverts – that trick victims into downloading fake installers of popular software onto their systems. The users are likely to be looking for the legitimate versions of the software, but are directed to the malicious versions by the adverts.
Some of the software that users are tricked into downloading includes fake versions of messaging apps such as Viber and