Cybersecurity company Sentinel Labs has discovered a new malvertising campaign targeting AWS users. Sentinel Labs warns that cybercriminals are running a campaign through Google Ads that takes users to a fake landing page to steal their credentials and other details.

What Is a Malvertising Campaign?
A malvertising campaign is a digital ad intended to inject malicious code when clicked. Such a campaign is complex and challenging to carry out, as shown by the investigation Sentinel Labs conducted on Jan. 30, 2023.

The malicious ad appears second in most search results when a user types “aws” in the search bar, which makes it look credible. It avoided Google’s fraud detection systems by using redirects to reach its landing page.

“The ad itself goes to a hop domain, which is an actor-controlled blogger website,” says Tom Hegel, senior threat researcher at Sentinel Labs.

Users land on a page designed to phish for their credentials. After they submit their details, visitors are redirected to the legitimate AWS landing page. The redirect is an effort to evade detection by the most cautious users and automated monitors.

Furthermore, the fake landing page asks victims to select whether they are root or IAM users. That helps the cybercriminals categorize the value of the stolen data.

The attackers go further and use JavaScript code to disable controls such as right clicks, keyboard shortcuts, and middle mouse button clicks. Researchers speculate that this was to discourage potential victims from navigating away from the landing page.
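The input-blocking behaviour described above can be triaged statically when reviewing a suspicious landing page. The following is an added example, not code from Sentinel Labs or the original article: a heuristic that scans page source for handlers suppressing right clicks, keyboard shortcuts and middle clicks. The function names and both sample pages are constructed for illustration.

```javascript
// Added example: heuristic triage of page source for handlers that suppress
// the browser controls named in the article. All names here are hypothetical.
const SUPPRESSED_CONTROLS = {
  "right-click": ["contextmenu"],
  "keyboard shortcuts": ["keydown", "keypress", "keyup"],
  "middle-click": ["auxclick", "mousedown"],
};
// A handler blocks the default action via preventDefault(), "return false"
// or the legacy returnValue = false.
const BLOCKING = /preventDefault\s*\(|return\s+false|returnValue\s*=\s*false/;

// Return the text that follows each registration of `evt`, whether through
// addEventListener("evt", ...) or an on<evt>= attribute/property.
function handlerBodies(source, evt) {
  const patterns = [
    new RegExp(`addEventListener\\(\\s*["']${evt}["']\\s*,(?=([\\s\\S]{0,300}))`, "gi"),
    new RegExp(`\\bon${evt}\\s*=(?=([\\s\\S]{0,300}))`, "gi"),
  ];
  const bodies = [];
  for (const re of patterns) {
    for (const m of source.matchAll(re)) {
      // Cut at the next registration or end of script to limit bleed-over.
      bodies.push(m[1].split(/addEventListener\(|<\/script>/i)[0]);
    }
  }
  return bodies;
}

// List the controls whose handlers appear to cancel the default action.
function findSuppressedControls(source) {
  return Object.entries(SUPPRESSED_CONTROLS)
    .filter(([, events]) => events.some((evt) =>
      handlerBodies(source, evt).some((body) => BLOCKING.test(body))))
    .map(([control]) => control);
}

// Constructed sample: a page that locks all three controls.
const SAMPLE_LOCKED_PAGE = `<body oncontextmenu="return false">
<script>
  document.addEventListener("keydown", function (e) { e.preventDefault(); });
  document.addEventListener("auxclick", (e) => { if (e.button === 1) e.preventDefault(); });
</script>`;
// Constructed sample: ordinary handlers that do not cancel anything.
const SAMPLE_NORMAL_PAGE = `<script>
  document.addEventListener("keydown", function (e) { if (e.key === "Escape") closeMenu(); });
  document.addEventListener("click", track);
</script>`;

console.log(findSuppressedControls(SAMPLE_LOCKED_PAGE));
```

A hit is a reason for an analyst to look closer, not a verdict: legitimate web applications also cancel some of these events, and obfuscated script will evade a pattern match like this one.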

Actions Taken
According to the investigation, the attackers are probably Brazilian. Cloudflare received the report and promptly shut down the malicious account connected to the campaign. However, the Google ads were still active at that time.

Criminals try to leverage legitimate platforms to conduct their nefarious activities because it gives their campaign a veil of credibility. Who would think that an ad shown and sponsored by Google would be malicious?

Protecting Your Business Credentials
Businesses need to have their teams trained in cybersecurity and in how to identify potential threats. You can never be too careful on the internet, whether you are surfing, researching, or communicating with someone.

All it takes is one click for an attack to be successful. That is what criminals count on: the single second you let your guard down. Do not give them that opportunity.