Billions of Google users warned over attack that could leave your bank empty
A NEW malware has been targeting users by pretending to be Google advertisements.
Known as Bumblebee, the malicious software was uncovered by cybersecurity firm Secureworks.
It was initially discovered around a year ago when it was spreading through phishing attacks.
Phishing is a form of social engineering where attackers deceive people into revealing sensitive information.
Most commonly, the goal is to steal a user’s banking information, identity, or passwords.
Now, Secureworks has warned that the malicious download is circulating via a second method: Fraudulent Google ads.
Another name for this is called ‘SEO poisoning,’ according to Securework’s recent 2022 State of the Threat report.
And the malware is not just cropping up on search engines, but across many popular online businesses, TechRadar reported.
This includes companies like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
HOW DOES IT WORK?
Basically, while victims are browsing online, they may see an ad for legitimate software and try to install it.
Once they have done that, the fake download pages get infected with the malware.
When a user falls victim to Bumblebee, the threat actor then gets access to their device’s system.
This makes all of their sensitive data – including banking details and confidential photos and files – vulnerable.
Mike McLellan, Secureworks’s Director of Intelligence, said that around 1 percent of all online ads are malicious, per TechRadar.
To counter such attacks, McLellan recommends that companies implement policies that restrict employees’ downloading access.
People are also advised to make sure they enter websites legitimately rather than with random links or ads.
Other tools that can drastically help are anti-virus and defender software.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.