Malvertising campaign targeting IT teams with MadMxShell
released on 2024-04-18 @ 01:21:11 PM
A threat actor registered typosquatting domains masquerading as legitimate IP scanner software and used Google Ads to distribute a new backdoor named MadMxShell. The backdoor uses techniques such as DLL sideloading and DNS tunneling for command and control.