Ficker: New Malware Masquerading as Windows or Spotify

Phishing is the order of the day: it is one of the most widespread ways to deceive users into handing over their personal data or downloading a file with malicious content. The latest wave of attacks masquerades as Microsoft, Spotify, or an online document converter to steal your personal data.

The attack was discovered by the cybersecurity company ESET, which warned about the new campaign on its Twitter account. These websites spread through fake ads that promote what appear to be legitimate applications.

Fake Microsoft or Spotify ads: download malware

However, when users click on the ad, they are actually taken to a fake website that pretends to be the Microsoft Store and offers a fake chess game called xChess 3. Clicking the download button delivers the file xChess_v.709.zip, which is actually information-stealing malware called Ficker, or FickerStealer.

In other advertisements, the attackers impersonate Spotify with a fake ad offering 90 days free, a promotion that the platform regularly runs. When you visit it, the page also downloads the corresponding malware.

In either case, once the file is opened, the malware starts stealing the data stored on the computer, including passwords saved in web browsers, in programs like Steam, in voice chat apps like Discord, and in FTP clients. It can also steal cryptocurrencies from up to 15 different wallets, as well as steal documents or take screenshots of the applications currently active on the computer. With this data, the attackers can take control of your accounts and can even cancel the Spotify account.

Malware originates from Russia

This malware, which is a Trojan, first appeared on Russian forums in January, where its alleged creator began renting it out to other hackers for periods of between one week and six months. Once an attacker has obtained all the information they want, a zip file is generated and sent to a server controlled by the attacker.

The large number of functions in this malware makes it essential to change passwords and any other data that may have been accessed by the attacker. The fact that its distribution vector is fake ads shows that you have to be careful with ads on suspicious websites, such as torrent download portals, which opt for the most lucrative ads despite the fact that they download malware onto users' computers.