Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'malvertising'

View all threats tagged with 'malvertising'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: malvertising

Threats Tagged 'malvertising'

Click on any threat for detailed analysis and mitigation recommendations

Vidar Stealer Unmasked: Code Signing Abuse, Go Loaders and File Inflation
0

A financially motivated campaign identified in April 2026 distributes Vidar stealer and XMRig cryptocurrency miner globally via malvertising. The attackers use password-protected archives impersonating cracked software and Go-based loaders built with the Factory-v3 framework. The malware employs evasion techniques such as rogue Authenticode certificates, file inflation with null bytes, and AMSI bypass. Vidar stealer exfiltrates browser credentials, cookies, and cryptocurrency wallets, while XMRig mines Monero. Persistence is achieved through registry changes, scheduled tasks, and startup scripts. The threat actor, known as X3D MINER, targets victims primarily in the U.S. and European Union, combining credential theft and cryptojacking for dual monetization.

Join the discussion
OXLOADER: new loader evading detection to drop infostealer
0

A previously undocumented Windows loader designated as OXLOADER delivers the CASTLESTEALER infostealer through malicious Google Ads campaigns, achieving remarkably low detection rates. The loader employs multiple obfuscation layers including control-flow flattening, opaque predicates, and mixed Boolean-Arithmetic techniques, along with self-modifying decryption stubs and abuse of the Windows .reloc section for shellcode staging. Distribution occurs via malvertising impersonating Node.js installations, redirecting victims through intermediary domains to Storj-hosted batch scripts. The loader implements five anti-VM and language checks, including CIS-region and Russian-language exclusions, suggesting a financially motivated Russian-speaking threat actor. OXLOADER uses DonutLoader to deliver the .NET-based CASTLESTEALER payload in memory, evading traditional detection mechanisms through deliberate engineering choices.

Join the discussion
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
0

Cybercriminals orchestrated a sophisticated malvertising operation leveraging Google Ads to impersonate popular AI developer tools including Claude AI, ChatGPT Codex, Perplexity, Cursor IDE, and JetBrains. Over seven weeks spanning April to June 2026, attackers deployed 106 unique malicious hostnames across six distinct waves, initially hosting ClickFix social engineering pages on GitLab infrastructure before pivoting to weaponize claude.ai's legitimate shared chat feature. The campaign targeted technically proficient users searching for AI development tools, tricking them into executing terminal commands that deployed the MacSync infostealer. This credential-harvesting malware collected browser data, SSH keys, and cryptocurrency wallets. The Asia-Pacific region sustained the heaviest impact with 67.2% of over 2,000 victims, particularly concentrated in Taiwan. Anthropic responded by banning malicious accounts and implementing additional abuse mitigations.

Join the discussion

Showing 1 to 3 of 3 results

Filters:Tag: malvertising
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses