Google AdWords Malware Scam Targeting Mac Users

This week we hear about a Google AdWords malware scam targeting Mac users and how Steam was hit with a DDoS attack.

Malware

Google AdWords Malware Scam Targeting Mac Users

Researchers have discovered a malvertising campaign that targets macOS users through fake software downloads. Users who search for “Google Chrome” on Google.com receive a Google AdWords search result at the top of the page. The ad suggests it will take the user to google.com/chrome, but it instead leads to googlechromelive.com, a fake download page for the browser. When the user clicks the fake download button, they are sent through several web pages and malware is downloaded that claims the computer is infected with viruses and instructs the user to download more programs.

Google has since removed this malicious ad, but it’s important to know how it works as similar attack vectors could be used to spread malware in the future.

References: Researchers Discover MacOS Malware Using Google’s Adwords | Apple Fans Using Chrome on Alert for Mac Malware | Mac Owners: Watch Out For This Google Ad Scam

 

Mitigation Strategies:

  • Mail filtration would scan incoming files and hyperlinks for any malicious links or code
  • Web filtration to prevent users from clicking on malicious websites
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 
  • Anti-virus would detect file infection on the local host
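
The mismatch described above, between the URL the ad displays and the site the click actually lands on, is something a web filter or ad-review step can check mechanically. The following Python is an added example, not code from the researchers or from Google; the function names and the brand allowlist are assumptions made for illustration, and the landing URL is assumed to be the final URL after redirects have been followed.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): brand keyword -> domains the brand really uses.
OFFICIAL_DOMAINS = {
    "google": {"google.com"},
    "chrome": {"google.com"},
}

def host_of(url):
    """Return the lowercase hostname; accepts display URLs without a scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat "google.com/chrome" as host + path
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def on_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_ad(display_url, landing_url):
    """Return a list of findings for one ad; an empty list means nothing flagged."""
    findings = []
    shown, actual = host_of(display_url), host_of(landing_url)
    # 1. The ad text promises one site but the click lands on an unrelated one.
    if not (on_domain(actual, shown) or on_domain(shown, actual)):
        findings.append("display-landing-mismatch")
    # 2. The landing host embeds a brand name without belonging to that brand.
    #    The dot-boundary test in on_domain is what separates
    #    "chrome.google.com" from "googlechromelive.com".
    for brand, domains in OFFICIAL_DOMAINS.items():
        if brand in actual and not any(on_domain(actual, d) for d in domains):
            findings.append("brand-lookalike:" + brand)
    return findings

if __name__ == "__main__":
    # Display URL and landing domain are the ones named in the article;
    # the scheme and trailing slash are constructed.
    print(check_ad("google.com/chrome", "http://googlechromelive.com/"))
    print(check_ad("google.com/chrome", "https://www.google.com/chrome/"))
```
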

Attack

Steam Hit with a DDoS Attack

Steam, a digital distribution, gaming, and social networking website, was recently the victim of a DDoS attack. A hacking group that goes by the name Phantom Squad claimed responsibility on Twitter. They were able to take the high-traffic website down for several minutes, causing a temporary disruption of gaming services.

References:  Phantom Squad Claims To Be Responsible For The Steam Attack; Says Steam Is Just The Beginning | DDoS Attack On Steam Servers By Phantom Squad | Steam Hit with Potential DDOS Attack

Mitigation Strategies:

  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection. 
  • Proactively utilize your service provider’s DDoS protection services

Top 20 Malicious IP Addresses


*IP addresses provided by Recorded Future.