Threat Actors (TAs) are increasingly using spam emails and phishing websites to trick users into downloading malware such as Stealer and Remote Access Trojan (RAT) to infect users’ machines and steal sensitive information.

The recent research found a new Stealer spreading through Google Ads and is being dubbed as Rhadamanthys.

This new Stealer has been distributed in two major ways, spreading through Google Ads and spam emails. This new version of Stealer has been found to be slightly different than its predecessor, as it only displays a portion of the decoy windows as compared to its predecessor that not just display the decoy windows but also includes hidden malicious payloads.

Unlike the previous version of Stealer, this new variant was found to be distributed on Google Ads through a compromised website.

This is a very interesting development as it shows how effective and leveraged Google Ads are for cybercriminals. This new variant has received a lot of attention in the media and out in the open from security researchers and the general public.

‍

Source: Rhadamanthys: New Stealer Spreading Through Google Ads - AlienVault - Open Threat Exchange