Kaspersky researchers warn Windows PC users. According to the Russian company's experts, a malicious campaign is currently spreading to thousands of computers. This campaign aims to slip malware onto targeted machines.
Advertisements and fake CAPTCHAs
The attack first takes the form of an online advertisement. The advertisement covers the entire screen, completely obstructing the website the user is visiting and blocking access to the web browser. It is not uncommon for pop-up ads to pollute online browsing, especially on questionable sites.
“The attackers purchased ad space, and if a user sees this ad and clicks on it, they are redirected to malicious resources, a commonly used tactic. This new wave involves a significantly expanded distribution network and the introduction of a new attack scenario that affects more victims”, says Vasily Kolesnikov, security expert at Kaspersky.
This ad will redirect the target to a fake CAPTCHA, a popular online test designed to differentiate human users from bots. This CAPTCHA contains specific instructions that will result in the installation of a virus on the computer. When the user clicks the “I'm not a robot” button, a code will be automatically copied to the machine's clipboard without their knowledge. The victim will be prompted to paste the code into the Windows terminal, which will finalize the installation of the malware.
It is “a rather unusual method”, underlines Kaspersky. The strategy “leverages their trust in CAPTCHA to trick users into performing dangerous actions”.
A major data theft
Researchers were able to determine that the malware involved was generally Lumma. This malware belongs to the category of infostealers, viruses programmed for data theft. Once the virus has infiltrated the computer, it exfiltrates a multitude of information and transmits it to cybercriminals.
Among the data most prized by the hackers behind the cyberattack are “cryptocurrency-related files, cookies and password manager data”. With passwords, browser cookies and the private keys of blockchain wallets, hackers can orchestrate a host of different cyberattacks, and line their pockets…
Gamers in the sights of hackers
Kaspersky researchers mainly spotted these false advertisements on “online gaming sites”. Cybercriminals have focused their efforts on gamers. According to a previous YouGov study for Kaspersky, gamers are among the preferred targets in the world of cybercrime. Players are overexposed to the risk of attacks, and the trend continues to increase.
The number of players who have been the target of cyberattacks through video games has “jumped 30% in one year during the first six months of 2024”. In most cases, gamers are targeted by data theft attempts.
Fake Chrome error messages
In some cases, the malicious advertising on which the entire cyberattack is based redirects Internet users to a fake Google Chrome error message. This warning, which closely copies the interface of an official notice, asks the user to “copy the patch” into the terminal window, which results in the installation of the virus and the theft of data.
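Both lures, the fake CAPTCHA and the fake Chrome error, depend on a web page silently placing a command on the clipboard. The block below is an added example, not code from Kaspersky or 01net: a guard that a browser extension or userscript could wrap around `navigator.clipboard.writeText`. The interpreter names, the `confirmWrite` callback and the sample strings are assumptions, since the article does not say what the copied code looks like.

```javascript
// Added example. The article does not describe the copied code, so the
// patterns below are assumptions about what terminal-bound text looks like.
const INTERPRETER = /\b(powershell(\.exe)?|pwsh|cmd(\.exe)?|mshta|wscript|cscript)\b/i;
const SWITCHES = /\s[-\/][a-z]/i;   // " -Command", " /c", ...
const REMOTE_URL = /https?:\/\//i;

// Explain why a clipboard payload looks like a command rather than ordinary text.
function commandIndicators(text) {
  const reasons = [];
  if (INTERPRETER.test(text)) reasons.push('names a Windows command interpreter');
  if (SWITCHES.test(text)) reasons.push('carries command-line switches');
  if (REMOTE_URL.test(text)) reasons.push('references a remote URL');
  return reasons;
}

// Suspicious = an interpreter name plus at least one other indicator.
function isSuspicious(text) {
  return INTERPRETER.test(text) && commandIndicators(text).length >= 2;
}

// Wrap clipboard.writeText so command-like text is copied only if the user agrees.
// confirmWrite(text, reasons) is a hypothetical callback; in a browser it could
// call window.confirm. Pages using document.execCommand('copy') are not covered.
function guardClipboard(clipboard, confirmWrite) {
  const original = clipboard.writeText.bind(clipboard);
  clipboard.writeText = (text) => {
    const value = String(text);
    if (isSuspicious(value) && !confirmWrite(value, commandIndicators(value))) {
      return Promise.reject(new Error('clipboard write blocked: looks like a command'));
    }
    return original(value);
  };
  return clipboard;
}

// Constructed demo with a stand-in clipboard object (no browser needed).
function demo() {
  const fake = { stored: null, writeText(t) { this.stored = t; return Promise.resolve(); } };
  const prompts = [];
  guardClipboard(fake, (text, reasons) => { prompts.push(reasons); return false; });
  fake.writeText('Verification code: 48213');
  fake.writeText('powershell -NoProfile -Command "<constructed placeholder>"').catch(() => {});
  return { stored: fake.stored, prompts };
}
```

In a real browser the guard has to be installed before the page's own scripts run, for example from an extension content script injected at document start.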
More than 140,000 ads
Finally, the campaign also relies on “file sharing services, web applications, bookmaker portals, adult content pages, entertainer communities, and many other channels”. Through these additional channels, cybercriminals distribute Amadey, a formidable Trojan horse also designed for information theft. It stands out by siphoning off “popular browser credentials”, taking screenshots without users' knowledge and downloading a remote access tool. In effect, the malware allows a hacker to use the computer remotely.
After investigation, Kaspersky realized that more than 140,000 invasive advertisements were deployed between September and October 2024. More than 20,000 Internet users found themselves facing pages containing scripts capable of installing viruses during the period. It is mainly Brazilian, Italian, Russian and Spanish Internet users who have fallen into the trap.
Source: Kaspersky