Consumers in China looking to access banned communications apps such as Telegram are being targeted by threat actors looking to deploy various malware.
This is according to a new report from Malwarebytes’ Jérôme Segura, who found unnamed hackers have been using two Google Ads accounts to publish malicious ads.
The accounts, both from Nigeria, were either previously compromised, or built from scratch for this particular use.
Bypassing MFA
The accounts were used to create ads pointing to pages pretending to be download sites for Telegram, WhatsApp, LINE, and other communications apps forbidden in the lands beyond the Great Firewall. Consumers who were previously searching for these apps online are targeted, and being displayed these ads. Those who fall for the trap and download the apps end up receiving PlugX and Gh0st RAT malware variants.
