ESET, an Eastern European cybersecurity software company, has found a malware campaign that had been targeting Chinese-speaking people in Malaysia, along with other countries in Southeast Asia and East Asia. It seems as though these scammers had been running Google Ads targeting people who search up for popular applications, pushing for their ad spots to appear on top of legitimate search results and getting users to click on their fake website.
Specifically, they’ve been creating fake websites that look identical to the websites of popular programs and softwares, such as Google Chrome, WhatsApp, Signal, Skype, Telegram and more. People who search these up and click on their Google Ad rather than the actual website will then be greeted by a look-a-like website that offers a download to the program that they had been looking for. However, when they download the installer, what they’ll get instead is a Trojanised installer containing the virus FatalRAT.
FatalRAT is a remote access Trojan that would grant the hacker access and control to the victim’s computer. It gives the hacker a bunch of functionalities to perform malicious tasks, such as capture your keystrokes, steal or even delete data stored on your computer, as well as download and execute files. ESET found that the malware campaign had been going on between August 2022 till January 2023, but curiously these Trojanised installers have been seen in the wild since at least May 2022.
Incidentally, all of these fake websites ended up pointing to he same IP address, a server hosting the Trojanised software. These websites seemingly targeted Chinese-speaking users in particular, by claiming to offer Chinese-language versions of software that isn’t available in China. ESET has since reported these scam ads to Google, who then removed them.
As a general rule of thumb, you should always pay attention to the address bar in your browser to ensure that you’re at a legitimate website rather than a fake one. Furthermore, when you download files, always double check that you’re getting the files you intended to download. If you do find out that you’ve been scammed, you can dial 997 to contact the National Scam Response Center, which was set up last October to coordinate a rapid response specifically for online financial scams.