Ad-Blocker Archives

Bumblebee Malware Gives a Nasty Sting Through Google Ads

Ad-Blocker, Bumblebee, malvertising, malware, Ophtekad-blocker, Bumblebee, malvertising, malware, OphtekOphtek, LLC

Jun 2023

It’s difficult to avoid online ads these days. This makes them the perfect target for hackers. And this is what they have done with the Bumblebee malware.

It’s estimated that the average American is exposed to between 4,000 to 10,000 online ads a day. And each one of these ads has the potential to carry malware. Therefore, it’s not surprising that threat actors have started exploiting them. This recent attack, however, has also employed SEO poisoning in its campaign – this is a method by which hackers create malicious websites and tempt visitors there with high-demand keywords.

Bumblebee, then, is a credible threat to your organization and its IT systems. Consequently, it’s important that you know how it operates and, most importantly, how to avoid it.

What Do You Need to Know about Bumblebee?

First discovered in April 2022, the Bumblebee malware is classed as a ‘malware loader’ variant. This means that it is used to connect a remote attacker directly with the infected system. It’s believed that Bumblebee comes from the same hacking group behind BazarLoader. Bumblebee, however, is more powerful and is backed by enhanced stealth capabilities. So, not only is it capable of causing greater damage, it’s also harder to detect. This, as I’m sure you’ll agree, is the last thing any PC owner wants to hear.

The most common approach for Bumblebee is to use Google Ads to lay bait for unsuspecting PC owners. For example, a Google Ad promising a free SQL to NoSQL guide was used to redirect those who clicked it to a fake download page. We say “a fake download page” but it did, in fact, take people to a page where a download occurred. Instead of a free guide, though, it instead downloaded Bumblebee. This malware was then opened and, to reduce detection, loaded Bumblebee into the infected system’s memory.

Typically, Bumblebee has been targeting businesses rather than consumers. Ransomware, therefore, has been at the front of the threat actors’ operations. But this is achieved through highly detailed planning. Upon the initial infection, Bumblebee quickly downloads a series of malicious tools such as remote access services, network scanning apps and keystroke loggers. This strategy allows the attackers to identify weak spots and deploy ransomware where it will be most effective.

How Do You Beat Bumblebee?

All business owners can agree that ransomware is a headache they can do without. So, how do you keep your systems safe from the Bumblebee attack? Well, you may be surprised that the following tips make it very easy:

Use an ad-blocker: if you can block malicious ads, you’re blocking their opportunity to cause damage. The simplest way to achieve this is by installing an ad-blocker. These tools will minimize the number of adverts which can be shown and, instantly, reduce your risk of falling for a malicious ad.

Keep your software up to date: malicious ads often take advantage of vulnerabilities in outdated software. By keeping your web browser, operating system, and other software up to date, you can reduce your risk of falling victim to malvertising attacks.

Educate your staff on malicious ads: it’s very easy for busy employees to experience a momentary distraction, and this is when they are most likely to click on a malicious ad. However, with regular training, which includes examples, you can prime your staff to dismiss malicious ads the moment they see them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Glupteba Malware Returns With a Bang

Ad-Blocker, botnets, Glupteba, Google, malvertising, network activities, Ophtek, unauthorized proxiesad-blocker, botnets, Glupteba, google, malvertising, network activities, Ophtek, unauthorized proxiesOphtek, LLC

Jan 2023

Despite experiencing a major obstacle a year ago, in the form of Google’s anti-malware efforts, the Glupteba malware is back.

First discovered in 2011, Glupteba is a veteran of the malware scene, although one which goes through periods of intense activity before disappearing for years at a time. A classic botnet, Glupteba has always focused on stealing data, but it has also made sure it has a backup plan in the form of targeting router exploits. Therefore, the news of its re-emergence is troubling for your IT infrastructure. And, given that Glupteba has been updated to be even stronger than ever before, you’re going to need to be on high alert.

Thankfully, we’re on hand to look at this malware and provide some critical advice on how to protect your organization.

Glupteba’s Latest Campaign

Following Google’s disruption of Glupteba’s botnet, which operated on the blockchain, Glupteba went quiet for several months. However, in June 2022 it was discovered that a new campaign had been launched, one which remains active as of this time of writing. Glupteba’s latest strategy targets Windows devices and has set its sights on harvesting data, using infected devices to mine cryptocurrency and setting up unauthorized proxies.

Glupteba is transmitted via traditional infection methods which include malicious installers (typically promoting themselves as free software installers) and through malvertising campaigns. As Glupteba is blockchain enabled, this gives it the ability to constantly change the command and control servers it uses. And, as it uses blockchain transaction data (which cannot be erased) to facilitate its attack, it’s very difficult to make a dent in the power of Glupteba’s botnet. These attacks often employ TOR services as well, a move which makes tracing the attacks next to impossible.

Staying Safe from Glupteba

One word in particular keeps being used when discussing Glupteba’s latest campaign: resilient. The source of its resilience comes from its design, one that uses deception and stealth to protect its operators and ensure it continues to spread. But this doesn’t mean you need to fall victim to Glupteba. If you make sure you follow good cybersecurity practices, you should be able to keep your IT infrastructure safe. All you have to do is:

Understand the threat of malvertising: the internet is full of malicious adverts, but there are ways you can make your PC safer. The simplest way to do this is by installing an ad-blocker, these will block both irritating and malicious adverts, so it’s a win-win situation. Malvertising is also known to use exploits to spread its payload, so you need to make sure your browsers are fully patched and up to date.

Monitor network activity: as Glupteba is a botnet, its operations are likely to lead to a spike in network traffic. And, if unauthorized proxies have been set up, this network activity is likely to go stratospheric. Therefore, you need to keep your network activity monitored to help you analyze any anomalies which may act as an early warning system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Fake Clubhouse Ads on Facebook Were Packed with Malware

Ad-Blocker, Antivirus, Facebook Clubhouse, Fake Ads, malware, Ophtekad-blocker, antivirus, Facebook Clubhouse, Fake ads, malware, OphtekOphtek, LLC

Apr 2021

Clubhouse is a social media app which is currently only available on Apple devices. But this hasn’t stopped hackers using it to exploit PC users.

The success of Clubhouse since its launch in April 2020 has ensured that it has grabbed numerous headlines. And everyone is keen to have a taste of the Clubhouse experience where audio content is king. But this is not yet an option for PC users. Nonetheless, the interest generated by Clubhouse means that the app has brought it to the attention of the hacking community. Using all their cunning and guile, these hackers have decided to use Clubhouse as a front for infecting PCs with malware. And they have been meeting this objective by running fake ads on Facebook.

Facebook currently has around 2.8 billion regular users, so the potential for success with this attack is large. Therefore, you need to be aware of what to look out for.

Fake Ads on Facebook

The promise of these fake ads on Facebook were simple: a Clubhouse app is now available for PCs, so get it now. It was an announcement which caught the eye of many PC users. But, unfortunately, there was no Clubhouse app for the PC. Instead, clicking the ad would take the user to a malicious website pretending to be an official Clubhouse page. On this page there was a download link for an app, but it was not Clubhouse; there would be no opportunity for social media activities on the malicious app. Once it was opened it would connect the victim to a remote server which then proceeded to download malware (including ransomware) on to the PC.

Combatting Fake Ads

Malvertising has been a common hacking strategy for some time now, but it is not one that many people are familiar with. And, given the size and scale of Facebook, it is surprising that their platform is open to such abuse. However, it is this size which makes it such an attractive proposition to hackers. If just 0.5% of Facebook’s audience fall for a scam then it’s a significant hit. Thankfully, this Clubhouse scam appeared to deactivate as soon as it was discovered. The malicious app no longer connects to a remote server and now only returns an error message. But it’s important that you know what you’re clicking on when you’re online.

In an ideal world, Facebook would fully vet every single advert submitted to its system. But this is impossible due to the sheer numbers involved. And, besides, they can easily be adjusted after being accepted on the platform. Therefore, it pays to carry out these best practices:

Verify Ad Destinations: Depending on which browser you use, you should be able to view where an ad will send you before clicking on it. Often, hovering over it is enough to display the destination within your browser. Alternatively, you can right hand click an ad and select “Copy link address” before pasting it into a program such as Notepad. If there is something suspicious about this link – such as a name which doesn’t match the promised destination – then don’t click the advert.

Run Antivirus Software: It’s crucial that you install antivirus software on your PC, particularly one that runs in real-time. These apps may not stop you clicking on infected adverts, but they can identify infected software. Accordingly, the malicious Clubhouse app would be detected and immediately quarantined.

Use an Ad-Blocker: An ad-blocker will block all the ads on a webpage, so this completely eliminates the risk of clicking on a malicious ad. This may sound perfect, but bear in mind that some websites may not run properly when an ad-blocker is used. In fact, many websites may not allow you to gain access to their content as a result. Luckily, websites that you trust can be listed as exceptions within the software.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Category Archives: Ad-Blocker