FakeAPP: Malvertising Campaign Exploits Google Ads

The “FakeAPP” malvertising campaign targets Chinese-speaking users with malicious Google ads promoting restricted messaging apps like Telegram.

The “FakeAPP” campaign is a continuation of a previous attack on Hong Kong users in late October 2023. The threat actor uses Google advertiser accounts to create harmful ads that lead users to download Remote Administration Trojans (RATs), which give attackers full control over victims’ machines. The latest iteration adds the messaging app LINE and redirects users to fake websites hosted on Google Docs or Google Sites. The campaign is traced to the advertiser accounts Interactive Communication Team Limited and Ringier Media Nigeria Limited based in Nigeria.

Additionally, Trustwave SpiderLabs reports a surge in the use of the phishing-as-a-service platform called Greatness, priced at $120 per month. This platform facilitates the creation of legitimate-looking credential harvesting pages targeting Microsoft 365 users. The kit allows personalization of sender names, email addresses, subjects, messages, attachments, and QR codes, with anti-detection measures to bypass security systems. Greatness is utilized in phishing email chains that direct victims to fake login pages capturing credentials, which are then sent to threat actors via Telegram.


The kit is well supported, with its own Telegram community. Phishing attacks have also been observed in South Korea impersonating tech companies like Kakao to distribute malware via malicious Windows shortcut files.