Google Pay-Per-Click Used To Distribute IcedID
Distributors of the IcedID malware have been abusing Google pay-per-click (PPC) ads to distribute modified DLL files that act as an IcedID loader.
When a victim searches for a popular keyword, the hijacked ads display fake installers and lead the victim to downloads that mimic the intended search term.
Upon download and execution, the modified DLL invokes the “init” export function to spawn the loader routine.
Using legitimate DLLs and modifying their functions to carry out the malicious task evades detection by machine learning and whitelisting technologies, and it also demonstrates the threat actor's ability to adapt to security detection strategies.
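As an added triage example (not code from the original post or from any named vendor), the following pure-Python script parses a DLL's export table, flags the "init" export named above, and compares the export list with the genuine vendor copy of the same library. The PE image it parses is constructed inside the block as a fixture, and the export names and the assumption that the genuine copy lacks an "init" export are illustrative assumptions.

```python
import struct

def _rva_to_offset(rva, sections):  # map an RVA to a file offset via the section table
    for vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def pe_export_names(data):
    """Return the named exports of a PE32/PE32+ image (pure Python, no pefile needed)."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sections, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt_off = pe_off + 24
    dd_off = opt_off + (96 if struct.unpack_from("<H", data, opt_off)[0] == 0x10B else 112)  # PE32 vs PE32+
    export_rva = struct.unpack_from("<I", data, dd_off)[0]
    if export_rva == 0:
        return []
    # each section header: 8-byte name, then VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<IIII", data, opt_off + opt_size + 40 * i + 8) for i in range(n_sections)]
    exp = _rva_to_offset(export_rva, sections)
    n_names, names_rva = struct.unpack_from("<I4xI", data, exp + 24)  # NumberOfNames, AddressOfNames
    names_off = _rva_to_offset(names_rva, sections)
    name_offs = [_rva_to_offset(r, sections) for r in struct.unpack_from(f"<{n_names}I", data, names_off)]
    return [data[o:data.index(b"\0", o)].decode("ascii", "replace") for o in name_offs]

def triage_dll(data, known_good_exports, watched=("init",)):
    """Compare a downloaded DLL's export table with the vendor's genuine copy of the same library."""
    found, good = set(pe_export_names(data)), set(known_good_exports)
    return {"watched": sorted(found & set(watched)),
            "unexpected": sorted(found - good), "missing": sorted(good - found)}

def build_sample_dll(exports):
    """CONSTRUCTED minimal PE32 image carrying only a name-export table (a fixture, not a real DLL)."""
    va, raw, n = 0x1000, 0x200, len(exports)
    blob, name_rvas = b"", []
    for name in exports:  # export-name strings follow the three tables
        name_rvas.append(va + 40 + 10 * n + len(blob))
        blob += name.encode() + b"\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, n, n, va + 40, va + 40 + 4 * n, va + 40 + 8 * n)
    body += b"".join(struct.pack("<I", 0x2000 + 16 * i) for i in range(n))  # function RVAs (unused here)
    body += b"".join(struct.pack("<I", r) for r in name_rvas)
    body += b"".join(struct.pack("<H", i) for i in range(n)) + blob
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)  # x86, one section, 224-byte optional header
    hdr += (struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", va, len(body))).ljust(0xE0, b"\0")
    hdr += (b".edata".ljust(8, b"\0") + struct.pack("<IIII", len(body), va, raw, raw)).ljust(40, b"\0")
    return hdr.ljust(raw, b"\0") + body.ljust(raw, b"\0")
```

In practice, pass the bytes of the downloaded file and of a clean vendor copy read from disk; a non-empty "watched" or "unexpected" list is a triage signal rather than proof, since many legitimate libraries also export a function named init.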