AhnLab Security Intelligence Center (ASEC) has recently discovered that hackers are actively exploiting the Google Ads Tracking feature to deliver malware.<\/p>\n\n\n\n
Hackers Exploit Google Ads Tracking<\/strong><\/h2>\n\n\n\nAhnLab discovered<\/a> malware disguised as popular groupware installers like Notion and Slack, distributed via Google Ads tracking. Upon execution, it fetches malicious payloads from attacker servers.\u00a0<\/p>\n\n\n\nWhile the identified malicious file names include:-<\/p>\n\n\n\n
\n- Notion_software_x64_.exe<\/li>\n\n\n\n
- Slack_software_x64_.exe<\/li>\n\n\n\n
- Trello_software_x64_.exe<\/li>\n\n\n\n
- GoodNotes_software_x64_32.exe<\/li>\n<\/ul>\n\n\n\n
![\"\"\/](\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgcAI9aIT_kFqpQAvOSiawsv3T3W-4TL_GuI65TDgj04aT60bwgUg2z54YMQy_fck7EXvfXXRel04nflh4_n7E-Gg_vpDXVMoyza3X9lFqnbdxtohONg5_vv57IUicUrdu-PhpwWuTMmUTAFJlyLuplaE7Ft3CPz9m1xD-JHFffg-jJ1Uapuy5J6uMFmpov\/s16000\/URLs%20(Source%20-%20ASEC).webp\")
URLs (Source – ASEC)<\/figcaption><\/figure><\/div>\n\n\nThe ad example shows a tracking URL hidden from users. Clicking the visible banner redirects users to the concealed tracking template URL rather than the displayed final URL.<\/p>\n\n\n
\n![\"\"\/](\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhNue51aKAdzGMDYAqTyRugDkd6esuaDH_7cqddUPaljPzaCd3VtwECQwphQNCLLUbsmILt4O5Rs9vVxD0sT9Fs_OY5qji98AkPoiqnwWkd4E045Z_kXPBx9zJ6YeNwD3l5-Sx2o4QUiyevfjn-tYcs0StMVwKunvaQ8kTy6ObZTrqoJFdrTNCxkFnH1VEE\/s16000\/Redirection%20sequence%20(Source%20-%20ASEC).webp\")
Redirection sequence (Source – ASEC)<\/figcaption><\/figure><\/div>\n\n\nThe hackers abused the Google Ads tracking feature, which is intended for website traffic analysis, to distribute malware from a malicious site instead of legitimate analytics.\u00a0<\/p>\n\n\n\n
When active, the malicious ad redirected clickers to download harmful files under false pretenses before its removal.<\/p>\n\n\n\n
Here below we have mentioned the redirection address:-<\/p>\n\n\n\n
1. hxxps:\/\/www.googleadservices[.]com\/pagead\/aclk? sa=L&ai=DChcSEwjvxY_g38yEAxX96RYFHbN_DHwYABAAGgJ0bA&ase=2&gclid=CjwKCAiArfauBhApEiwAeoB7qFTSv58y3y V4nTuE_ptW9t-YIT1- Y_jH70VIcuKX3qsNu9u5d2TplRoCKDwQAvD_BwE&ohost=www.google.com&cid=CAESVeD21RQt4fRwNUkcEV8_EYQ96O MpQS8F7ZevrgG_k_jZewow_akDRbQ3vK-L7r7Z7yVUCyf4YKpyZrJCjoIkJjEcGbU1LviHlcWC8x9hRsFbAGy8Sbc&sig=AOD64_3Ho3r-SX_3edPZOWfLXPSWeCY1SQ&q&nis=6&adurl&ved=2ahUKEwibkYng38yEAxWScPUHHRJlCjAQ0Qx6BAgFEAE<\/p>\n\n\n\n
2. hxxps:\/\/pantovawy.page[.]link\/jdF1\/?url=https:\/\/www.notion.so\/pricing%3Fgad_source%3D1&id=8<\/p>\n\n\n\n
3. hxxps:\/\/cerisico[.]net\/<\/p>\n\n\n\n
Here below we have mentioned the final landing page:-<\/p>\n\n\n\n
\n- hxxps:\/\/notione.my-apk[.]com<\/li>\n<\/ul>\n\n\n\n
The final landing page mimicked legitimate groupware sites, tricking visitors into downloading and running the malware. <\/p>\n\n\n\n
While post-execution, the malware fetched malicious payload addresses from text-sharing sites like tinyurl.com and textbin.net. <\/p>\n\n\n\n
These shared URLs then provided the actual malware download links hosted on compromised domains like slashidot.org, yogapets.xyz, bookpool.org, and birdarid.org, completing the multi-stage infection process.<\/p>\n\n\n\n
The Rhadamanthys infostealer<\/a> malware fetched from the malicious links gets injected into legitimate Windows %system32% files like dialer.exe, openwith.exe, dllhost.exe, and rundll32.exe. <\/p>\n\n\n\nRunning via trusted binaries allows it to stealthily steal private data. <\/p>\n\n\n\n
This case confirms attackers exploit Google Ads and other search engine ad tracking to distribute malware. Users should carefully verify the URL when accessing sites, and not trust the advertised banner URL.<\/p>\n\n\n\n
IoCs<\/strong><\/h2>\n\n\n\nMD5s<\/strong><\/h3>\n\n\n\n\n- 9437c89a5f9a51a4ff6d6076083fa6c9<\/li>\n\n\n\n
- 12b6229551fbb1dcb2823bc8b611300f<\/li>\n\n\n\n
- 33aa3073d148816e9e8de0af4f84582e<\/li>\n\n\n\n
- f0a3499f83d2d9066ab19d39b9af6696<\/li>\n\n\n\n
- 2498997ab3e66e24bc08d044e0ef4418<\/li>\n\n\n\n
- f2590ece758eb32302c504ac3ff413f4<\/li>\n\n\n\n
- eef03c8cd2f27ead8b2d59d5cda4cf6e<\/li>\n\n\n\n
- 9034cf58867961cde08a20cb1057c490<\/li>\n\n\n\n
- f7200603cb8aa9e2b544255ed848c9c0<\/li>\n<\/ul>\n\n\n\n
URLs<\/strong><\/h3>\n\n\n\n\n- hxxp:\/\/tinyurl[.]com\/4jnvfsns<\/li>\n\n\n\n
- hxxp:\/\/tinyurl[.]com\/4a3uxm6m<\/li>\n\n\n\n
- hxxps:\/\/textbin[.]net\/raw\/oumciccl6b<\/li>\n\n\n\n
- hxxp:\/\/tinyurl[.]com\/mrx7263e<\/li>\n\n\n\n
- hxxp:\/\/tinyurl[.]com\/253x7rnn<\/li>\n\n\n\n
- hxxps:\/\/slashidot[.]org\/@abcDP.exe<\/li>\n\n\n\n
- hxxps:\/\/yogapets[.]xyz\/@abcmse1.exe<\/li>\n\n\n\n
- hxxps:\/\/bookpool[.]org\/@Base.exe<\/li>\n\n\n\n
- hxxp:\/\/birdarid[.]org\/@abcDS.exe<\/li>\n\n\n\n
- hxxps:\/\/alternativebehavioralconcepts[.]org\/databack\/notwin.php<\/li>\n\n\n\n
- hxxps:\/\/pantovawy.page[.]link\/jdF1\/?url=https:\/\/www.notion.so\/pricing%3Fgad_source%3D1&id=8<\/li>\n\n\n\n
- hxxps:\/\/cerisico[.]net\/<\/li>\n<\/ul>\n\n\n\n
File Detection<\/strong><\/h3>\n\n\n\n\n- Trojan\/Win.Agent.C5595056 (2024.02.29.02)<\/li>\n\n\n\n
- Trojan\/Win.Agent.C5592526 (2024.02.23.02)<\/li>\n\n\n\n
- Trojan\/Win.Agent.C5594794 (2024.02.28.03)<\/li>\n\n\n\n
- Trojan\/Win.Rhadamanthys.R636740 (2024.02.27.00)<\/li>\n<\/ul>\n\n\n\n
Behavior Detection<\/strong><\/h2>\n\n\n\n\n- Injection\/MDP.Event.M10231<\/li>\n<\/ul>\n\n\n\n
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on\u00a0LinkedIn<\/a>\u00a0&\u00a0Twitter<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"Google Ads is a big platform with a wide user base, which makes it attractive to threat actors who want to reach many targets at once. These malicious ads can also be created or legitimate ones hijacked to spread malware, phishing scams, and other malicious content around. The complex ad targeting options on Google Ads […]<\/p>\n","protected":false},"author":6,"featured_media":61046,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","fifu_image_alt":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,9,33],"tags":[149,1883,1882],"class_list":{"0":"post-61042","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-cyber-attack","9":"category-malware","10":"tag-cyber-security","11":"tag-google-ads-exploitation","12":"tag-malware-distribution"},"yoast_head":"\n
Hackers Exploit Google Ads Tracking Feature To Deliver Malware<\/title>\n<meta name=\"description\" content=\"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Exploit Google Ads Tracking Feature To Deliver Malware\" \/>\n<meta property=\"og:description\" content=\"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-01T13:08:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-01T13:08:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","description":"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","og_description":"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.","og_url":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2024-04-01T13:08:10+00:00","article_modified_time":"2024-04-01T13:08:11+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","datePublished":"2024-04-01T13:08:10+00:00","dateModified":"2024-04-01T13:08:11+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/"},"wordCount":714,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","Google Ads Exploitation","Malware Distribution"],"articleSection":["Cyber Security News","Cyberattack News","Malware"],"inLanguage":"en-US","copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","url":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","name":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2024-04-01T13:08:10+00:00","dateModified":"2024-04-01T13:08:11+00:00","description":"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/google-adstracking-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage","url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900","caption":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/61042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=61042"}],"version-history":[{"count":3,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/61042\/revisions"}],"predecessor-version":[{"id":61111,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/61042\/revisions\/61111"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/61046"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=61042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=61042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=61042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
While the identified malicious file names include:-<\/p>\n\n\n\n
- \n
- Notion_software_x64_.exe<\/li>\n\n\n\n
- Slack_software_x64_.exe<\/li>\n\n\n\n
- Trello_software_x64_.exe<\/li>\n\n\n\n
- GoodNotes_software_x64_32.exe<\/li>\n<\/ul>\n\n\n\n
URLs (Source – ASEC)<\/figcaption><\/figure><\/div>\n\n\n The ad example shows a tracking URL hidden from users. Clicking the visible banner redirects users to the concealed tracking template URL rather than the displayed final URL.<\/p>\n\n\n
\nRedirection sequence (Source – ASEC)<\/figcaption><\/figure><\/div>\n\n\n The hackers abused the Google Ads tracking feature, which is intended for website traffic analysis, to distribute malware from a malicious site instead of legitimate analytics.\u00a0<\/p>\n\n\n\n
When active, the malicious ad redirected clickers to download harmful files under false pretenses before its removal.<\/p>\n\n\n\n
Here below we have mentioned the redirection address:-<\/p>\n\n\n\n
1. hxxps:\/\/www.googleadservices[.]com\/pagead\/aclk? sa=L&ai=DChcSEwjvxY_g38yEAxX96RYFHbN_DHwYABAAGgJ0bA&ase=2&gclid=CjwKCAiArfauBhApEiwAeoB7qFTSv58y3y V4nTuE_ptW9t-YIT1- Y_jH70VIcuKX3qsNu9u5d2TplRoCKDwQAvD_BwE&ohost=www.google.com&cid=CAESVeD21RQt4fRwNUkcEV8_EYQ96O MpQS8F7ZevrgG_k_jZewow_akDRbQ3vK-L7r7Z7yVUCyf4YKpyZrJCjoIkJjEcGbU1LviHlcWC8x9hRsFbAGy8Sbc&sig=AOD64_3Ho3r-SX_3edPZOWfLXPSWeCY1SQ&q&nis=6&adurl&ved=2ahUKEwibkYng38yEAxWScPUHHRJlCjAQ0Qx6BAgFEAE<\/p>\n\n\n\n
2. hxxps:\/\/pantovawy.page[.]link\/jdF1\/?url=https:\/\/www.notion.so\/pricing%3Fgad_source%3D1&id=8<\/p>\n\n\n\n
3. hxxps:\/\/cerisico[.]net\/<\/p>\n\n\n\n
Here below we have mentioned the final landing page:-<\/p>\n\n\n\n
- \n
- hxxps:\/\/notione.my-apk[.]com<\/li>\n<\/ul>\n\n\n\n
The final landing page mimicked legitimate groupware sites, tricking visitors into downloading and running the malware. <\/p>\n\n\n\n
While post-execution, the malware fetched malicious payload addresses from text-sharing sites like tinyurl.com and textbin.net. <\/p>\n\n\n\n
These shared URLs then provided the actual malware download links hosted on compromised domains like slashidot.org, yogapets.xyz, bookpool.org, and birdarid.org, completing the multi-stage infection process.<\/p>\n\n\n\n
The Rhadamanthys infostealer<\/a> malware fetched from the malicious links gets injected into legitimate Windows %system32% files like dialer.exe, openwith.exe, dllhost.exe, and rundll32.exe. <\/p>\n\n\n\n
Running via trusted binaries allows it to stealthily steal private data. <\/p>\n\n\n\n
This case confirms attackers exploit Google Ads and other search engine ad tracking to distribute malware. Users should carefully verify the URL when accessing sites, and not trust the advertised banner URL.<\/p>\n\n\n\n
IoCs<\/strong><\/h2>\n\n\n\n
MD5s<\/strong><\/h3>\n\n\n\n
- \n
- 9437c89a5f9a51a4ff6d6076083fa6c9<\/li>\n\n\n\n
- 12b6229551fbb1dcb2823bc8b611300f<\/li>\n\n\n\n
- 33aa3073d148816e9e8de0af4f84582e<\/li>\n\n\n\n
- f0a3499f83d2d9066ab19d39b9af6696<\/li>\n\n\n\n
- 2498997ab3e66e24bc08d044e0ef4418<\/li>\n\n\n\n
- f2590ece758eb32302c504ac3ff413f4<\/li>\n\n\n\n
- eef03c8cd2f27ead8b2d59d5cda4cf6e<\/li>\n\n\n\n
- 9034cf58867961cde08a20cb1057c490<\/li>\n\n\n\n
- f7200603cb8aa9e2b544255ed848c9c0<\/li>\n<\/ul>\n\n\n\n
URLs<\/strong><\/h3>\n\n\n\n
- \n
- hxxp:\/\/tinyurl[.]com\/4jnvfsns<\/li>\n\n\n\n
- hxxp:\/\/tinyurl[.]com\/4a3uxm6m<\/li>\n\n\n\n
- hxxps:\/\/textbin[.]net\/raw\/oumciccl6b<\/li>\n\n\n\n
- hxxp:\/\/tinyurl[.]com\/mrx7263e<\/li>\n\n\n\n
- hxxp:\/\/tinyurl[.]com\/253x7rnn<\/li>\n\n\n\n
- hxxps:\/\/slashidot[.]org\/@abcDP.exe<\/li>\n\n\n\n
- hxxps:\/\/yogapets[.]xyz\/@abcmse1.exe<\/li>\n\n\n\n
- hxxps:\/\/bookpool[.]org\/@Base.exe<\/li>\n\n\n\n
- hxxp:\/\/birdarid[.]org\/@abcDS.exe<\/li>\n\n\n\n
- hxxps:\/\/alternativebehavioralconcepts[.]org\/databack\/notwin.php<\/li>\n\n\n\n
- hxxps:\/\/pantovawy.page[.]link\/jdF1\/?url=https:\/\/www.notion.so\/pricing%3Fgad_source%3D1&id=8<\/li>\n\n\n\n
- hxxps:\/\/cerisico[.]net\/<\/li>\n<\/ul>\n\n\n\n
File Detection<\/strong><\/h3>\n\n\n\n
- \n
- Trojan\/Win.Agent.C5595056 (2024.02.29.02)<\/li>\n\n\n\n
- Trojan\/Win.Agent.C5592526 (2024.02.23.02)<\/li>\n\n\n\n
- Trojan\/Win.Agent.C5594794 (2024.02.28.03)<\/li>\n\n\n\n
- Trojan\/Win.Rhadamanthys.R636740 (2024.02.27.00)<\/li>\n<\/ul>\n\n\n\n
Behavior Detection<\/strong><\/h2>\n\n\n\n
- \n
- Injection\/MDP.Event.M10231<\/li>\n<\/ul>\n\n\n\n
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on\u00a0LinkedIn<\/a>\u00a0&\u00a0Twitter<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
Google Ads is a big platform with a wide user base, which makes it attractive to threat actors who want to reach many targets at once. These malicious ads can also be created or legitimate ones hijacked to spread malware, phishing scams, and other malicious content around. The complex ad targeting options on Google Ads […]<\/p>\n","protected":false},"author":6,"featured_media":61046,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","fifu_image_alt":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,9,33],"tags":[149,1883,1882],"class_list":{"0":"post-61042","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-cyber-attack","9":"category-malware","10":"tag-cyber-security","11":"tag-google-ads-exploitation","12":"tag-malware-distribution"},"yoast_head":"\n
Hackers Exploit Google Ads Tracking Feature To Deliver Malware<\/title>\n<meta name=\"description\" content=\"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Exploit Google Ads Tracking Feature To Deliver Malware\" \/>\n<meta property=\"og:description\" content=\"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-01T13:08:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-01T13:08:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","description":"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","og_description":"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.","og_url":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2024-04-01T13:08:10+00:00","article_modified_time":"2024-04-01T13:08:11+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","datePublished":"2024-04-01T13:08:10+00:00","dateModified":"2024-04-01T13:08:11+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/"},"wordCount":714,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","Google Ads Exploitation","Malware Distribution"],"articleSection":["Cyber Security News","Cyberattack News","Malware"],"inLanguage":"en-US","copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","url":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/","name":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2024-04-01T13:08:10+00:00","dateModified":"2024-04-01T13:08:11+00:00","description":"Google Ads is a big platform with a wide user base which makes it attractive for threat actors who want to reach many targets at once.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/google-adstracking-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#primaryimage","url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900","caption":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/google-adstracking-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Hackers Exploit Google Ads Tracking Feature To Deliver Malware"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhvgcpGSFM-sUxa84LSJFCqzb-prfH4qL7cv4MffOgd80mpn25ziR0-C5hENL7QHLQhbfwFRLlHGUdH7EDaFWgYsmYfA8Z33MStRaYmjfAA58MFXs52WTshvUzu6EQ1JM5C5zlmI3vz8PBMJzGzD8nmAql-e3MxTzGLYsgGSABeagmt3PNb6hyTU3rXtlrM\/s16000\/Hackers%20Exploit%20Google%20Ads%20Tracking%20Feature%20to%20Deliver%20Malware.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/61042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=61042"}],"version-history":[{"count":3,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/61042\/revisions"}],"predecessor-version":[{"id":61111,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/61042\/revisions\/61111"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/61046"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=61042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=61042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=61042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Injection\/MDP.Event.M10231<\/li>\n<\/ul>\n\n\n\n
- hxxps:\/\/notione.my-apk[.]com<\/li>\n<\/ul>\n\n\n\n