#Google’s #Gemini blocked billions of bad ads. That’s good news — but not enough
https://adguard.com/en/blog/google-report-gemini-blocked-billions-bad-ads.html

Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.
Donuts and Beagles: Fake Claude site spreads backdoor
A fraudulent website impersonating Anthropic's Claude AI platform has been distributing a previously undocumented backdoor called Beagle through malvertising campaigns. The attack begins when victims download a fictitious tool named Claude-Pro Relay from claude-pro[.]com, delivered as a 505 MB ZIP archive. The infection chain utilizes DLL sideloading, exploiting a signed G DATA antivirus updater to load malicious code. The technique mirrors PlugX delivery methods but deploys different payloads. Beagle supports eight commands including shell execution, file transfer, and directory listing, communicating with C2 servers using AES encryption. Related samples dating to February 2026 have been identified, with some variants delivering AdaptixC2 framework. Additional domains impersonated security vendors like Trellix, CrowdStrike, and SentinelOne. The infrastructure spans Cloudflare for distribution and Alibaba Cloud for command and control.
Pulse ID: 69fcc63f1dce161fc2f8380c
Pulse Link: https://otx.alienvault.com/pulse/69fcc63f1dce161fc2f8380c
Pulse Author: AlienVault
Created: 2026-05-07 17:05:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Cloud #CrowdStrike #CyberSecurity #Encryption #InfoSec #Malvertising #OTX #OpenThreatExchange #PlugX #SentinelOne #SideLoading #Trellix #ZIP #bot #AlienVault
Hackers are abusing the popularity of AI tools with a fake #ClaudeAI website that spreads a newly discovered backdoor called #Beagle. The campaign uses DLL sideloading, #malvertising, and trusted signed files to infect Windows systems.
Read: https://hackread.com/hackers-fake-claude-ai-site-infect-beagle-malware/
Malicious Site Exploits AI Interest to Deploy Beagle Backdoor
Beware of a fake website masquerading as Anthropic's Claude interface, tricking users into downloading a 505 MB ZIP archive that unleashes a new, previously undocumented Windows backdoor called Beagle. This malicious campaign uses a convincing imitation of the legitimate site to spread the infection.
#BeagleBackdoor #AiMalware #WindowsMalware #Malvertising #DllSideloading
#malware #malvertising #Google #OpenSource
'Security researchers at the [ISC] report that clicking the first Google search result for 'Homebrew' installs an infostealer that can bypass Apple security features and steal sensitive information from Mac users.'
https://www.makeuseof.com/how-one-fake-google-ad-can-silently-steal-your-macs-passwords/
MakeUseOf: Homebrew users are accidentally downloading malware instead of the real app. “A malicious Google ad campaign is targeting users of a popular free, open-source software package manager for macOS and Linux that simplifies installing, updating, and managing command-line tools. Your password and personal data could be at serious risk.”
https://rbfirehose.com/2026/05/05/makeuseof-homebrew-users-are-accidentally-downloading-malware-instead-of-the-real-app/
And now a funny commentary. This guy from India or Russia or whatever spent quite literally 3-4 HOURS with my 93-year-old mom trying to get her to install stuff, share her screen, and get through a password change. In that time she managed to install 2 apps and change TWO passwords. That’s it.
He should have been some kind of priest, rabbi, or imam or something. Patience. Of. A. Saint. Sad to think of this amazing super power going to waste on a life of crime.
I have to do these things with her and I can’t get them done any faster than that. But I don’t have the stamina to go 4 hours in the ring with her. 😜 This guy is impressive.
#identitytheft #malvertising #security
If anyone wants to see the scam that got my mom, here's a video capture of what it does. It plays a computer voice saying fantastic bullshit like "Your computer has the identity theft virus".
I'm pretty sure this was malvertising. Looking at her Safari history, she was on a grocery store web site trying to place an order. Then this URL is next in the history. And after that, it's all password change pages and such. I can't imagine she had any reason to click on something other than seeing a fake "security alert."
In the video, this is not fullscreen. But when I clicked that link, it went full screen.
What the hell, Paco, you clicked the damn link? Yeah, not on purpose. I was trying to right click it to copy it, and either TeamViewer misunderstood the click or I fat-fingered it. But, having made the mistake, I decided to shoot some video. I got lucky.
Here's the URL (still live as of about 60 minutes ago): https: / / xdrty-c6e6cjecbve4f9bz,z02,azurefd,net/mhelpxxx/index,html?bcda=1-833-371-8269#%E2%80%99
#identitytheft #malvertising