Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
released on 2023-12-15 @ 12:42:21 PM
Mandiant disclosed a new investigation on a recently discovered infrastructure operated by the distribution threat cluster UNC2975. that leveraged malicious advertisements to trick users into visiting fake “unclaimed funds'' themed websites. In this UNC2975 campaign, the malicious websites delivered PAPERDROP and PAPERTEAR downloader malware that eventually led to DANABOT and DARKGATE backdoor malware.