Hackers distributed malware through the Google advertising network to steal user data. Malvertising is a type of cyberattack, and this campaign is significant because it makes use of virtualization technology, which enables malware to avoid being detected by antivirus software.
What is Malvertising?
Malvertising, often known as “malicious advertising,” is a category of cyberattack in which hackers spread malware by inserting malicious code into online advertisements. Both internet users and publishers have trouble identifying corrupted advertisements. Consumers receive these malicious ads through reputable advertising networks.
How can hackers get access to user data?
Hackers are disseminating malicious installers that use KoiVM virtualization technology, which enables the malware to elude detection when it is installed. The KoiVM plugin obscures a program's operation codes so that only the virtual machine can understand them. (A virtual machine is a computing resource that uses software rather than a physical computer to run programmes and install apps.)
Obfuscation is the process of writing code that is challenging for both humans and computers to decipher. The virtual machine converts the operation codes back to their original form when the malicious code is launched, allowing the application to run.
According to a recent study by SentinelLabs, virtualization frameworks like KoiVM obfuscate executables by substituting the original code, including .NET Common Intermediate Language (CIL) instructions, with virtualized code that only the virtualization framework understands.
According to the paper, KoiVM virtualization is popular for hacking tools but is rarely used to propagate malware. When used maliciously, virtualization complicates malware detection and also reflects an effort to dodge static analysis tools.
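The opcode substitution described above can be illustrated with a toy stack machine. This is an added example, not code from SentinelLabs or KoiVM: the opcodes, the remapping scheme and the sample program are constructed assumptions. It shows why a byte signature written for the plain code misses the virtualized form, and why tracing the interpreter at run time recovers the original operations.

```python
import random

# Toy opcodes standing in for a program's original operation codes
# (constructed for illustration; this is not CIL or KoiVM's real format).
PUSH, ADD, MUL, HALT = 0x01, 0x02, 0x03, 0xFF
OPERAND_LEN = {PUSH: 1, ADD: 0, MUL: 0, HALT: 0}

def virtualize(code, seed):
    """Rewrite every opcode byte with a per-build random table. Returns the
    rewritten bytes and the virtual->original table the interpreter carries."""
    rng = random.Random(seed)
    virt_values = rng.sample(range(0x10, 0xF0), len(OPERAND_LEN))
    to_virtual = dict(zip(OPERAND_LEN, virt_values))
    out, i = bytearray(), 0
    while i < len(code):
        op = code[i]
        out.append(to_virtual[op])
        out += code[i + 1:i + 1 + OPERAND_LEN[op]]  # operands copied unchanged
        i += 1 + OPERAND_LEN[op]
    return bytes(out), {v: k for k, v in to_virtual.items()}

def run(code, table=None, trace=None):
    """Interpret code. With a table, each opcode byte is translated back to
    its original meaning first; decoded opcodes are appended to trace."""
    stack, i = [], 0
    while True:
        op = table[code[i]] if table else code[i]
        if trace is not None:
            trace.append(op)
        if op == PUSH:
            stack.append(code[i + 1])
        elif op == ADD:
            stack.append(stack.pop() + stack.pop())
        elif op == MUL:
            stack.append(stack.pop() * stack.pop())
        elif op == HALT:
            return stack[-1]
        i += 1 + OPERAND_LEN[op]

def static_match(blob, signature):
    """Byte-pattern scan, the kind of check a static signature performs."""
    return signature in blob

def traced_opcodes(code, table):
    """Dynamic view: run the virtualized code and log what it decodes to."""
    trace = []
    run(code, table, trace)
    return trace

ORIGINAL = bytes([PUSH, 6, PUSH, 7, MUL, HALT])  # constructed sample program
SIGNATURE = ORIGINAL[:5]                         # pattern written for plain code
VIRTUAL, TABLE = virtualize(ORIGINAL, seed=1)
```

Both forms compute the same result, but only the plain one matches the signature; the run-time trace of the virtualized form still exposes the original operation sequence, which is why behavioural analysis remains effective where static scanning does not.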