Silent Push Blog "Ad-versaries": Tracking new Google malvertising and brand spoofing campaigns. New MaaS DarkGate loader, DanaBot, IcedID and more.

Silent Push contect scans show a noticeable and worrying uptick in the use of sponsored Google ads to deliver infostealing malware in the third quarter of this year, most notably IcedID and a new version of the DarkGate loader adapted for malvertising purposes. Threat actors are continuing to spoof legitimate domains through Google using a variety of TTPs, including typosquatting, the strategic placement of malicious links and hidden redirects.