Cybercriminals Exploit Google Ads to Spread IP Scanner with Concealed Backdoor
Malware Analysis, News and Indicators - Latest topics malware.news
A new malicious advertising campaign on Google Ads is exploiting a group of up to 45 domains that impersonate an IP scanner to distribute a new backdoor called MadMxShell.
What is MadMxShell?
MadMxShell is a sophisticated Windows backdoor that uses DNS MX queries to communicate with its C2 server, located at litterbolo[.]com. The malware can:
- Collect system data.
- Run commands via Cmd.exe.
- Read, write, and delete files on the infected host.
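One way to hunt for the DNS MX channel described above, as an added example that is not part of the original article. The log format, the client addresses, the mail-relay allowlist and the sample lines are all constructed for illustration; only the C2 domain comes from the page.

```python
import re
from collections import defaultdict

# Domain the page names as the MadMxShell C2 (defanged there as litterbolo[.]com).
C2_DOMAIN = "litterbolo.com"

# Assumption: hosts expected to resolve MX records (mail relays). Constructed value.
MAIL_HOSTS = {"10.0.0.25"}

# Constructed sample log in a hypothetical "timestamp client qtype qname" format.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.25 MX example.org
2024-01-01T09:00:05Z 10.0.1.44 A www.example.org
2024-01-01T09:00:09Z 10.0.1.44 MX aaa.litterbolo.com
2024-01-01T09:00:19Z 10.0.1.44 MX bbb.litterbolo.com
2024-01-01T09:00:30Z 10.0.1.77 MX example.net
2024-01-01T09:00:31Z 10.0.1.78 A notlitterbolo.com
malformed line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")

def in_domain(qname, domain):
    """True if qname is the domain itself or a subdomain (label-boundary match)."""
    qname = qname.lower().rstrip(".")
    return qname == domain or qname.endswith("." + domain)

def analyze(log_text):
    """Per client: count queries to the C2 domain and MX queries from non-mail hosts."""
    findings = defaultdict(lambda: {"c2_hits": 0, "mx_from_endpoint": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of failing the whole run
        _ts, client, qtype, qname = m.groups()
        if in_domain(qname, C2_DOMAIN):
            findings[client]["c2_hits"] += 1
        # Workstations rarely need MX lookups; treat them as a hunting lead.
        if qtype == "MX" and client not in MAIL_HOSTS:
            findings[client]["mx_from_endpoint"] += 1
    return dict(findings)

if __name__ == "__main__":
    for client, counts in sorted(analyze(SAMPLE_LOG).items()):
        print(client, counts)
```

The MX-from-endpoint count is a lead rather than a verdict, since some desktop software performs its own MX lookups; the C2 domain match is the higher-confidence signal.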
ANY.RUN’s network tab shows attempts to make …