Google Ads Used to Distribute Royal Ransomware in Malvertising Campaign

The malicious files, which are malware downloaders known as BATLOADER, pose as installers or updates for legitimate applications like Microsoft Teams or Zoom. When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts that help disable security solutions and lead to the delivery of various encrypted malware payloads, which are decrypted and launched with PowerShell commands.
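The installer behaviour described above is visible in process-creation telemetry as `msiexec.exe` starting a script interpreter. The following is an added detection example, not code from the article: the events are constructed, their field names follow Sysmon process-creation records, and the argument heuristics are assumptions.

```python
import ntpath

INSTALLER = "msiexec.exe"
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Assumed triage heuristics, not indicators taken from the article.
SUSPICIOUS_ARGS = ("-enc", "-executionpolicy bypass", "-windowstyle hidden", ".bat", ".ps1")

def _name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path or "").lower()

def detect(events):
    """Flag script interpreters started by msiexec.exe (MSI Custom Action pattern)."""
    alerts = []
    for ev in events:
        child = _name(ev.get("Image"))
        if _name(ev.get("ParentImage")) != INSTALLER or child not in SCRIPT_HOSTS:
            continue
        cmd = (ev.get("CommandLine") or "").lower()
        hits = [arg for arg in SUSPICIOUS_ARGS if arg in cmd]
        alerts.append({
            "host": ev.get("Computer"),
            "child": child,
            "severity": "high" if hits else "medium",
            "indicators": hits,
        })
    return alerts

# Constructed sample events (not real telemetry).
SYS32 = "C:\\Windows\\System32\\"
PS = SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"Computer": "ws01", "ParentImage": SYS32 + "msiexec.exe", "Image": PS,
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File C:\\Temp\\update.ps1"},
    {"Computer": "ws02", "ParentImage": SYS32 + "msiexec.exe", "Image": SYS32 + "cmd.exe",
     "CommandLine": "cmd.exe /c C:\\Temp\\setup.bat"},
    {"Computer": "ws03", "ParentImage": SYS32 + "msiexec.exe", "Image": SYS32 + "cmd.exe",
     "CommandLine": "cmd.exe /c ver"},
    {"Computer": "ws04", "ParentImage": "C:\\Windows\\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe"},
    {"Computer": "ws05", "ParentImage": SYS32 + "msiexec.exe", "Image": SYS32 + "msiexec.exe",
     "CommandLine": "msiexec.exe /V"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Some legitimate installers also start `cmd.exe` from a Custom Action, so the medium-severity results need a baseline of known-good packages before they are alerted on.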

Read full article on Heimdal Security Blog

 

