Key Findings
- Silent Push Threat Analysts have caught a threat actor’s ongoing series of malvertising campaigns blatantly abusing Google Search ads to target graphic design professionals.
- We documented at least 10 malvertising campaigns hosted exclusively on two IP addresses: 185.11.61[.]243 and 185.147.124[.]110.
- Together with our research partners, we found that the sites from the two IP addresses were being launched in Google Search advertising campaigns, and all of them led to malicious downloads.
Wow, somebody is hunting mechanical engineers - hopefully none doing significant work get duped.
I’d be curious if the malicious downloads are basic viruses, or are something specialized to exfiltrate CAD drawings, or something even more complex to subtly alter designs and cause harm.