Google Pay-Per-Click Used To Distribute IcedID
Distributors of the IcedID malware have been abusing Google PPC ads to distribute modified DLL files that act as an IcedID loader.
When the victim searches a popular keyword, hijacked ads are used to display fake installers and lead the victims to downloads that mimic the intended search term.
Upon download and execution, the modified DLL invokes the "init" export function to spawn the loader routine.
Using the legitimate DLL's and modifying the functions to execute the nefarious task is used to evade detection from machine learning and whitelisting technologies as well as displays the threat actor's ability to adapt to security detection strategies.
Featured Resources
blog
Exploitable Vulnerabilities: Prioritize What Poses Real Risk
Not all cybersecurity vulnerabilities are created equal. While Common Vulnerability Scoring System (CVSS) scores are useful indicators of severity, they
blog
NIST Compliance Checklist: A Practical Guide to Cybersecurity Alignment
Threats are everywhere in digital business. As such, regulatory alignment can’t just be a best practice. It’s time for a
Report
On the Radar: Why Cymulate Leads in Exposure Management
In this exclusive “On the Radar” report, Omdia highlights how Cymulate has positioned itself as a leading provider of exposure