TapTechNews, May 28th: The Windows version of the Arc browser was officially released on April 30th and has attracted many users eager to try it. Some hackers have taken advantage of that interest to distribute malware.
According to the latest report released by Malwarebytes on May 21st, cybercriminals placed malicious ads on Google Search to trick users into downloading browser installers that carry malware.
Malwarebytes found that the promoted results for search terms such as "arc installer" and "arc browser windows" displayed the correct URL of the Arc browser.
However, when users click the ads, they are redirected to a typosquatted domain that resembles the real website.
If the Download button is clicked, a trojanized installer is fetched from the MEGA hosting platform, and this file then downloads an additional malicious payload named bootstrap.exe from an external resource.
The MEGA application programming interface (API) is abused for command and control (C2) operations, sending and receiving operational instructions and data.
The installer retrieves a PNG file containing malicious code, compiles it, and drops the final payload, JRWeb.exe, on the victim's disk.
Malwarebytes also observed a separate infection chain, in which the installer uses a Python executable to inject code into msbuild.exe, which then queries an external website to retrieve the commands to execute. Analysts believe that the final payload of these attacks is an information stealer, but this has not yet been confirmed.
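Defenders can hunt endpoint telemetry for the behaviours described above: MSBuild started by a Python executable, outbound connections from that MSBuild instance, and files written with the reported payload names. The Python below is an added example, not code from Malwarebytes or TapTechNews; the event field names, the sample events and the list of expected MSBuild parents are assumptions constructed for illustration.

```python
from ntpath import basename  # parses Windows paths on any OS

REPORTED_PAYLOADS = {"bootstrap.exe", "jrweb.exe"}  # file names given in the article
# Assumption: parents that normally launch MSBuild on a developer workstation.
EXPECTED_MSBUILD_PARENTS = {"devenv.exe", "dotnet.exe", "cmd.exe", "powershell.exe"}

def exe(path):
    """Lower-cased file name of a Windows path ('' if missing)."""
    return basename(path or "").lower()

def triage(events):
    """Return sorted (host, rule, detail) findings; events must be in time order."""
    findings, suspect = set(), set()  # suspect: (host, pid) of oddly parented MSBuild
    for ev in events:
        host, kind = ev["host"], ev["type"]
        if kind == "process_create" and exe(ev.get("image")) == "msbuild.exe":
            parent = exe(ev.get("parent_image"))
            if parent not in EXPECTED_MSBUILD_PARENTS:
                from_python = parent.startswith("python")
                rule = "python_spawned_msbuild" if from_python else "unusual_msbuild_parent"
                suspect.add((host, ev["pid"]))
                findings.add((host, rule, ev.get("parent_image", "")))
        elif kind == "network_connect" and (host, ev["pid"]) in suspect:
            # MSBuild also contacts package feeds, so only suspect instances are flagged.
            findings.add((host, "suspect_msbuild_outbound", ev["dest"]))
        elif kind == "file_create" and exe(ev.get("target")) in REPORTED_PAYLOADS:
            # A file name alone is a weak signal; treat it as a lead to investigate.
            findings.add((host, "reported_payload_name", ev["target"]))
    return sorted(findings)

# Constructed sample events (not real telemetry); field names are hypothetical.
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
TEMP = r"C:\Users\a\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "file_create", "pid": 4100, "target": TEMP + r"\bootstrap.exe"},
    {"host": "ws-01", "type": "process_create", "pid": 4200, "image": MSBUILD,
     "parent_image": TEMP + r"\py\python.exe"},
    {"host": "ws-01", "type": "network_connect", "pid": 4200, "dest": "203.0.113.10:443"},
    {"host": "ws-02", "type": "process_create", "pid": 900, "image": MSBUILD,
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\devenv.exe"},
    {"host": "ws-02", "type": "network_connect", "pid": 900, "dest": "198.51.100.7:443"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The developer build on ws-02 produces no findings, because its MSBuild instance has an expected parent and its network traffic is therefore not correlated to a suspect process.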