ads

InstallFix: Weaponizing Malvertized Install Guides

Attackers are using a technique called InstallFix, a social engineering attack where they clone installation pages of legitimate CLI tools and present victims with malicious install commands disguised as the real thing. This technique is particularly effective because it exploits the common practice of copying and pasting installation commands from websites, bypassing traditional security controls like email filtering. The attackers are using malvertising, specifically sponsored search results on Google, to distribute these fake installation pages, targeting popular tools like Claude Code.

https://pushsecurity.com/blog/installfix/

1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads

1Campaign is a cloaking platform that helps attackers bypass Google Ads screening and evade security researchers. It uses real-time visitor filtering, fraud scoring, and geographic targeting to keep phishing and crypto drainer pages online longer. The platform enables ad fraud at scale by allowing attackers to impersonate legitimate brands in Google Ads campaigns.

https://www.varonis.com/blog/1campaign

Facebook Ads Spread Fake Windows 11 Downloads That Steal Passwords and Crypto Wallets

Malicious Facebook ads mimicking Microsoft promote fake Windows 11 downloads, leading users to download malware instead of updates. This malware stealthily collects passwords and cryptocurrency data. It employs sophisticated evasion techniques, targeting regular users while avoiding detection by security systems. If affected, users should avoid logging in to accounts, scan their devices, change passwords on a secure device, and take precautions with any financial information. Security teams are advised to block phishing domains and monitor for specific malware signatures.

https://www.malwarebytes.com/blog/scams/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets

New Android Malware Uses AI to Click on Hidden Browser Ads

New Android malware utilizes AI with TensorFlow to automatically click on hidden ads, enhancing click fraud mechanisms. Distributed via Xiaomi’s app store and third-party sites, it uses a ‘phantom’ mode for covert actions and a ‘signalling’ mode for real-time control. Affected apps initially lack malicious intent but receive updates adding harmful features, misleading users. Users are advised to avoid non-Google Play apps to mitigate risks.

https://www.bleepingcomputer.com/news/security/new-android-malware-uses-ai-to-click-on-hidden-browser-ads/

Everyone Knows Your Location

Extreme TLDR:

Massive geolocation data leak revealed 2000+ apps collecting user location without consent. Research showed my iPhone exposed requests with my IP and location despite Location Services off. Learned about ad data auctions, found high costs for purchasing my data, and discovered methods to track myself using data brokers. Notable findings included Unity and Facebook using my data without consent. The investigation highlighted extensive data sharing with third parties and the ease of accessing personal data linked to device identifiers.

https://timsh.org/tracking-myself-down-through-in-app-ads/

Microsoft Advertisers Phished Via Malicious Google Ads

Malicious Google ads target Microsoft advertisers, attempting to steal login info for Microsoft's ad platform. Attackers use cloaking techniques to redirect users and evade security, ultimately leading to a phishing page that mimics the legitimate site. The campaign highlights ongoing phishing threats in online advertising, urging users to verify URLs, utilize two-factor authentication, monitor accounts, and report suspicious ads.

https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads

Scroll to Top