Google's Advertising Tracking Function Abused To Drop Rhadamanthys Malware
Researchers have identified a new malware distribution method that abuses Google's ad tracking feature. The attackers disguise the malicious downloader as an installer for widely used groupware such as Notion and Slack, and use the ad tracking feature to make it appear as if users are accessing a legitimate site. The malware is primarily distributed as Inno Setup or NSIS (Nullsoft Scriptable Install System) installers. The Rhadamanthys information stealer payload injects itself into legitimate Windows files in the %system32% directory, making it difficult for users to detect its operation.