New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Summary
A new malware loader, OXLOADER, has been discovered delivering the CastleStealer information stealer. The campaign distributes the loader through malicious Google Ads placed against software-related searches, and researchers assess the threat actor to be Russian-speaking and financially motivated.
IFF Assessment
FOE
This is bad news for defenders: it describes a new loader (OXLOADER) and a new delivery campaign for an information-stealing malware (CastleStealer), which means existing detections may not yet cover either component.
Defender Context
Defenders should be aware that the OXLOADER campaign abuses Google Ads, so the lure reaches users through sponsored search results rather than a compromised site or attachment. Advise users to treat search advertisements for software downloads with extreme caution and to reach vendor download pages directly (typed URL or bookmark) instead of clicking the sponsored result. Keep endpoint protection current so that new strains such as CastleStealer are detected and blocked, but do not rely on signatures alone: a newly observed loader will often evade them at first, so behavioural detection and hunting for installer downloads that follow an ad click-through in proxy logs are worthwhile. Because CastleStealer is an information stealer, treat any confirmed infection as a credential exposure and rotate the affected passwords and sessions.
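The hunting idea above, as an added example rather than code from the OXLOADER research or any vendor tool: scan proxy logs for executable or archive downloads that a client fetched shortly after clicking a Google Ads result. It keys on two things that are generic to Google Ads click-throughs, the `googleadservices.com` / `google.com` `/aclk` click redirect and the `gclid=` parameter that the click appends to the landing-page URL. The log format is a constructed, simplified proxy log (timestamp, client, method, URL, status, content type, referer); the sample lines, hostnames and the five-minute window are assumptions for illustration, and the heuristic uses no OXLOADER or CastleStealer indicators because the brief lists none.

```python
"""Hunt proxy logs for installer downloads that follow a Google Ads click-through.

Added example for this brief, not code from the OXLOADER research or any
vendor tool. Log format, hosts and window are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlparse

# Google Ads click redirect hosts/path and the click-id parameter the redirect
# appends to the advertiser's landing page URL.
AD_CLICK_HOSTS = {"www.googleadservices.com", "googleadservices.com", "www.google.com"}
AD_CLICK_PATH = "/aclk"
AD_CLICK_PARAM = "gclid"

# File extensions and content types typical of malvertised "installers".
PAYLOAD_EXTS = (".exe", ".msi", ".msix", ".scr", ".js", ".zip", ".rar", ".7z", ".iso")
PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream",
                 "application/x-msi", "application/zip", "application/x-7z-compressed"}

WINDOW = timedelta(minutes=5)  # assumed: ad click must precede the download by <= 5 min

# Constructed sample log: "timestamp client method url status content-type referer".
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 GET https://www.googleadservices.com/pagead/aclk?sa=L&ai=abc 302 text/html https://www.google.com/search?q=free+pdf+editor
2024-05-01T10:00:02 10.0.0.5 GET https://pdf-editor-download.example/?gclid=XyZ123 200 text/html https://www.google.com/
2024-05-01T10:00:09 10.0.0.5 GET https://pdf-editor-download.example/Setup.exe 200 application/x-msdownload https://pdf-editor-download.example/
2024-05-01T10:03:00 10.0.0.7 GET https://vendor.example/releases/tool-1.2.zip 200 application/zip https://vendor.example/
2024-05-01T11:30:00 10.0.0.5 GET https://updates.example/patch.msi 200 application/x-msi -
"""


def parse_line(line):
    """Parse one log line of the constructed format; return None if malformed."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, client, method, url, status, ctype, referer = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return {"ts": when, "client": client, "method": method, "url": url,
            "status": status, "ctype": ctype.lower(), "referer": referer}


def is_ad_click(url):
    """True for the Google Ads click redirect or a landing page carrying gclid=."""
    u = urlparse(url)
    if u.hostname in AD_CLICK_HOSTS and u.path.endswith(AD_CLICK_PATH):
        return True
    return AD_CLICK_PARAM in parse_qs(u.query)


def is_payload(rec):
    """True if the request looks like an installer or archive download."""
    path = urlparse(rec["url"]).path.lower()
    return path.endswith(PAYLOAD_EXTS) or rec["ctype"] in PAYLOAD_TYPES


def hunt(lines, window=WINDOW):
    """Return payload downloads preceded by an ad click from the same client within window.

    Lines are assumed to be in chronological order, as a proxy log normally is.
    """
    recent_clicks = defaultdict(list)  # client -> [(ts, url)] of ad clicks seen
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if is_ad_click(rec["url"]):
            recent_clicks[rec["client"]].append((rec["ts"], rec["url"]))
            continue
        if rec["status"] != "200" or not is_payload(rec):
            continue
        # Drop clicks that are outside the window relative to this download.
        clicks = [(t, u) for t, u in recent_clicks[rec["client"]]
                  if timedelta(0) <= rec["ts"] - t <= window]
        recent_clicks[rec["client"]] = clicks
        if clicks:
            findings.append({"ts": rec["ts"].isoformat(), "client": rec["client"],
                             "download": rec["url"], "ad_click": clicks[-1][1]})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample, only the `Setup.exe` fetched nine seconds after the `gclid=` landing page is flagged; the vendor zip with no preceding ad click and the MSI fetched ninety minutes after the last click are not. In production, feed the function your real proxy export and tune the extension list and window to your environment; a hit is a triage lead (pivot to the client's EDR telemetry and the landing domain's age and registrar), not a verdict on its own.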