A recent malvertising campaign targeting users looking to download the new Arc web browser for Windows has led to the distribution of malware through trojanized installers. Cybercriminals took advantage of the hype surrounding the release of the Arc browser for Windows by creating malicious ads on Google Search that tricked users into downloading infected files.
The Arc web browser, known for its innovative user interface design, was released for macOS in July 2023 and received positive reviews. The release for Windows was highly anticipated, which the cybercriminals exploited to spread malware.
According to a report by Malwarebytes, the malicious ads on Google Search displayed legitimate URLs for Arc but redirected users to typo domains that mimicked the genuine website. When users clicked on the ads and attempted to download the browser, they unknowingly downloaded trojanized installation files from the MEGA hosting platform. These files contained additional malicious payloads that were downloaded from external sources.
The malware distributed through this campaign involves command and control operations using the MEGA API, allowing threat actors to send and receive operational instructions and data. Analysts suggest that the ultimate goal of these attacks is to steal information, although the specific details of the payload are still being investigated.
One method of infection observed by Malwarebytes involved the installer injecting code into msbuild.exe using a Python executable, which then queried an external site for commands. The malicious files run stealthily in the background, making it difficult for victims to realize they have been infected with malware.
This type of malvertising campaign is not new, but it remains effective in distributing malware to unsuspecting users. To protect themselves, users are advised to avoid clicking on promoted search results, use ad blockers to hide these results, and bookmark official websites for software downloads.
It is also recommended to verify the authenticity of domains before downloading installers and to scan all downloaded files with an up-to-date antivirus tool before running them. By following these precautions, users can reduce the risk of falling victim to malvertising campaigns and malware infections.
Article Source
https://www.bleepingcomputer.com/news/security/arc-browsers-windows-launch-targeted-by-google-ads-malvertising/
