2023-01-31DarktraceRoberto Martinez
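% Title braces protect only the proper nouns, so a style can still apply its own casing; author is in "Last, First" form.
@online{martinez:20230131:vidar:32a27bd,
  author       = {Martinez, Roberto},
  title        = {{Vidar} Info-Stealer Malware Distributed via Malvertising on {Google}},
  date         = {2023-01-31},
  organization = {Darktrace},
  url          = {https://darktrace.com/blog/vidar-info-stealer-malware-distributed-via-malvertising-on-google},
  language     = {English},
  urldate      = {2023-02-01},
}
Vidar Info-Stealer Malware Distributed via Malvertising on Google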
Vidar
2023-01-18SANS ISCBrad Duncan
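% Title braces protect only the product and malware names; author is in "Last, First" form.
% NOTE(review): LaTeX typesets "-->" as an en dash followed by ">"; confirm that rendering is acceptable.
@online{duncan:20230118:malicious:df039e8,
  author       = {Duncan, Brad},
  title        = {Malicious {Google} Ad --> Fake {Notepad++} Page --> {Aurora Stealer} malware},
  date         = {2023-01-18},
  organization = {SANS ISC},
  url          = {https://isc.sans.edu/diary/rss/29448},
  language     = {English},
  urldate      = {2023-01-19},
}
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware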
Aurora Stealer
2023-01-12CybleincCyble
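% Corporate author is double-braced so it is always treated as one indivisible name.
% Title braces protect only the malware family and product names.
@online{cyble:20230112:rhadamanthys:c1e900e,
  author       = {{Cyble}},
  title        = {{Rhadamanthys}: New Stealer Spreading Through {Google Ads}},
  date         = {2023-01-12},
  organization = {Cybleinc},
  url          = {https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/},
  language     = {English},
  urldate      = {2023-01-16},
}
Rhadamanthys: New Stealer Spreading Through Google Ads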
Rhadamanthys
2022-12-23TrendmicroIan Kenefick
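% Title braces protect only the malware family name and the acronym; author is in "Last, First" form.
@online{kenefick:20221223:icedid:df95b05,
  author       = {Kenefick, Ian},
  title        = {{IcedID} Botnet Distributors Abuse {Google PPC} to Distribute Malware},
  date         = {2022-12-23},
  organization = {Trendmicro},
  url          = {https://www.trendmicro.com/en_ie/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html},
  language     = {English},
  urldate      = {2022-12-24},
}
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware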
IcedID
2022-12-15ISCBrad Duncan
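% Title braces protect only the proper nouns; author is in "Last, First" form.
% NOTE(review): organization is "ISC" here but "SANS ISC" on the 2023-01-18 entry for the same site; consider normalising.
@online{duncan:20221215:google:179f840,
  author       = {Duncan, Brad},
  title        = {{Google} ads lead to fake software pages pushing {IcedID} ({Bokbot})},
  date         = {2022-12-15},
  organization = {ISC},
  url          = {https://isc.sans.edu/diary/Google+ads+lead+to+fake+software+pages+pushing+IcedID+Bokbot/29344},
  language     = {English},
  urldate      = {2022-12-19},
}
Google ads lead to fake software pages pushing IcedID (Bokbot)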
IcedID
2022-12-07GoogleClement Lecigne, Benoit Sevens
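% Title braces protect only the product, country and actor names; authors are in "Last, First" form.
@online{lecigne:20221207:internet:c6ec713,
  author       = {Lecigne, Clement and Sevens, Benoit},
  title        = {{Internet Explorer} 0-day exploited by {North Korean} actor {APT37}},
  date         = {2022-12-07},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/},
  language     = {English},
  urldate      = {2022-12-08},
}
Internet Explorer 0-day exploited by North Korean actor APT37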
2022-11-10ZscalerThreatLabZ research team
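% Corporate author is double-braced; unbraced, the lowercase word "research" would be read as a
% name particle and "team" as the family name.
@online{team:20221110:rise:aebb475,
  author       = {{ThreatLabZ research team}},
  title        = {Rise of Banking Trojan Dropper in {Google Play}},
  date         = {2022-11-10},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/rise-banking-trojan-dropper-google-play-0},
  language     = {English},
  urldate      = {2022-12-01},
}
Rise of Banking Trojan Dropper in Google Play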
Xenomorph
2022-11-04CleafyCleafy
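% Corporate author is double-braced so it is always treated as one indivisible name.
% Title braces protect only the platform and store names.
@online{cleafy:20221104:android:2dcfb28,
  author       = {{Cleafy}},
  title        = {The {Android} Malware’s Journey: From {Google Play} to banking fraud},
  date         = {2022-11-04},
  organization = {Cleafy},
  url          = {https://www.cleafy.com/cleafy-labs/the-android-malwares-journey-from-google-play-to-banking-fraud},
  language     = {English},
  urldate      = {2022-11-06},
}
The Android Malware’s Journey: From Google Play to banking fraud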
Brunhilda Vultur
2022-09-20Recorded FutureInsikt Group®
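% Corporate author is double-braced; unbraced it is split into given name "Insikt" and family name "Group®".
% Title braces protect only the product name.
@techreport{group:20220920:threat:b6666bd,
  author      = {{Insikt Group®}},
  title       = {Threat Actors Continue to Abuse {Google Tag Manager} for Payment Card e-Skimming},
  date        = {2022-09-20},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0920.pdf},
  language    = {English},
  urldate     = {2022-09-26},
}
Threat Actors Continue to Abuse Google Tag Manager for Payment Card e-Skimming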
2022-09-07GooglePierre-Marc Bureau, Google Threat Analysis Group
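% The group co-author is braced as a single name; the personal author is in "Last, First" form.
% Title braces protect only the country name.
@online{bureau:20220907:initial:d1975b3,
  author       = {Bureau, Pierre-Marc and {Google Threat Analysis Group}},
  title        = {Initial access broker repurposing techniques in targeted attacks against {Ukraine}},
  date         = {2022-09-07},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/},
  language     = {English},
  urldate      = {2022-09-13},
}
Initial access broker repurposing techniques in targeted attacks against Ukraine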
AnchorMail Cobalt Strike IcedID
2022-09-02nccgroupAlberto Segura, Mike Stokkel
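% Title braces protect only the malware and store names; authors are in "Last, First" form.
@online{segura:20220902:sharkbot:a9ce98d,
  author       = {Segura, Alberto and Stokkel, Mike},
  title        = {{Sharkbot} is back in {Google Play}},
  date         = {2022-09-02},
  organization = {nccgroup},
  url          = {https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/},
  language     = {English},
  urldate      = {2022-09-12},
}
Sharkbot is back in Google Play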
SharkBot
2022-08-29Check PointMoshe Marelus
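% Title braces protect only the vendor and product names; author is in "Last, First" form.
@online{marelus:20220829:check:4b8b83f,
  author       = {Marelus, Moshe},
  title        = {{Check Point Research} detects Crypto Miner malware disguised as {Google} translate desktop and other legitimate applications},
  date         = {2022-08-29},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications},
  language     = {English},
  urldate      = {2022-08-31},
}
Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications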
Nitrokod
2022-08-23GoogleAjax Bash
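% Title braces protect only the nationality and the acronym; author is in "Last, First" form.
@online{bash:20220823:new:df2d83e,
  author       = {Bash, Ajax},
  title        = {New {Iranian} {APT} data extraction tool},
  date         = {2022-08-23},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/},
  language     = {English},
  urldate      = {2022-08-25},
}
New Iranian APT data extraction tool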
HYPERSCRAPE
2022-08-16ThreatFabricThreatFabric
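% Corporate author is double-braced so it is always treated as one indivisible name.
% Title braces protect only the malware and vendor names.
@online{threatfabric:20220816:bugdrop:1babd7a,
  author       = {{ThreatFabric}},
  title        = {{BugDrop}: the first malware trying to circumvent {Google's} security Controls},
  date         = {2022-08-16},
  organization = {ThreatFabric},
  url          = {https://www.threatfabric.com/blogs/bugdrop-new-dropper-bypassing-google-security-measures.html},
  language     = {English},
  urldate      = {2022-12-08},
}
BugDrop: the first malware trying to circumvent Google's security Controls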
Xenomorph
2022-08-10GoogleXingyu Jin, Google Project Zero
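% The team co-author is braced as a single name; the personal author is in "Last, First" form.
% Title braces protect the OS name, the CVE identifier and the part numeral.
@online{jin:20220810:quantum:cbe3e82,
  author       = {Jin, Xingyu and {Google Project Zero}},
  title        = {The quantum state of {Linux} kernel garbage collection {CVE-2021-0920} ({Part I})},
  date         = {2022-08-10},
  organization = {Google},
  url          = {https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html},
  language     = {English},
  urldate      = {2022-08-11},
}
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)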
2022-07-28McAfeeDexter Shin
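% Title braces protect only the malware name, the "1M+" figure and the store name; author is in "Last, First" form.
@online{shin:20220728:new:950bc90,
  author       = {Shin, Dexter},
  title        = {New {HiddenAds} malware affects {1M+} users and hides on the {Google Play Store}},
  date         = {2022-07-28},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/},
  language     = {English},
  urldate      = {2022-08-02},
}
New HiddenAds malware affects 1M+ users and hides on the Google Play Store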
HiddenAd
2022-07-20QianxinRed Raindrops Team
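% Corporate author is double-braced; unbraced it is split into given names "Red Raindrops" and family name "Team".
% Title braces protect only the actor names, the store name and the platform name.
@online{team:20220720:sidewinder:8d70604,
  author       = {{Red Raindrops Team}},
  title        = {The {Sidewinder} ({APT-Q-39}) uses {Google Play} to spread an analysis of malicious {Android} software},
  date         = {2022-07-20},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-malware-android-software-spread-by-sidewinder-using-google-play/},
  language     = {Chinese},
  urldate      = {2022-08-02},
}
The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software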
SideWinder
2022-07-20MalwarebytesThreat Intelligence Team
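% Corporate author is double-braced; unbraced it is split into given names "Threat Intelligence" and family name "Team".
% Title braces protect only the product name.
@online{team:20220720:google:562a515,
  author       = {{Threat Intelligence Team}},
  title        = {{Google Ads} Lead to Major Malvertising Campaign},
  date         = {2022-07-20},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/07/google-ads-lead-to-major-malvertising-campaign},
  language     = {English},
  urldate      = {2022-07-25},
}
Google Ads Lead to Major Malvertising Campaign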
2022-07-19GoogleBilly Leonard
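% Title braces protect only the region name and the acronym; author is in "Last, First" form.
@online{leonard:20220719:continued:2a97da1,
  author       = {Leonard, Billy},
  title        = {Continued cyber activity in {Eastern Europe} observed by {TAG}},
  date         = {2022-07-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
  language     = {English},
  urldate      = {2022-08-05},
}
Continued cyber activity in Eastern Europe observed by TAG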
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-07-19R136a1Dominik Reichel
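% Title braces protect only the actor and product names; author is in "Last, First" form.
@online{reichel:20220719:look:84e1e01,
  author       = {Reichel, Dominik},
  title        = {A look into {APT29's} new early-stage {Google Drive} downloader},
  date         = {2022-07-19},
  organization = {R136a1},
  url          = {https://r136a1.info/2022/07/19/a-look-into-apt29s-new-early-stage-google-drive-downloader/},
  language     = {English},
  urldate      = {2022-10-19},
}
A look into APT29's new early-stage Google Drive downloader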
BEATDROP BOOMBOX Gdrive Unidentified 098 (APT29 Slack Downloader)