Cybercriminals Exploit Google Ads to Spread IP Scanner with Concealed Backdoor

A new malicious advertising campaign on Google Ads is exploiting a group of up to 45 domains that impersonate an IP scanner to distribute a new backdoor called MadMxShell.  

What is MadMxXhell? 

MadMxShell is a sophisticated Windows backdoor that uses DNS MX queries to communicate with its C2 server, located at litterbolo[.]com. The malware can: 

• Collect system data.  


• Run commands via Cmd.exe.  


• Read, write, and delete files on the infected host. 

ads advertising backdoor called campaign cybercriminals dns domains exploit exploiting google google ads ip scanner madmxshell malicious malicious advertising scanner server what is windows