
Hackers weaponize Google Ads: Graphic designers falling for fake tools

The malvertising campaigns have been continuous since November 13, 2024, and leverage numerous domains to distribute harmful content

by Kerem Gülen
December 17, 2024

Silent Push researchers have identified a series of malvertising campaigns targeting graphic design professionals, taking advantage of Google Search ads to distribute malware. The attacks began in November 2024 and utilized two IP addresses, 185.11.61.243 and 185.147.124.110, to host multiple malicious domains. These ads redirect users to websites that initiate harmful downloads, posing a significant security threat to unsuspecting victims.

Hackers exploit Google ads to target graphic designers

The primary attack vector involves fraudulent domains that mimic legitimate graphic design software, with campaigns launching nearly daily. Notable domains connected to this scheme include frecadsolutions.com, freecad-solutions.net, and rhino3dsolutions.io. Each campaign has reportedly made use of dedicated IP addresses to mask the malicious activity behind seemingly legitimate advertising.

The malvertising campaigns have been continuous since November 13, 2024, and leverage numerous domains to distribute harmful content. The first campaign was hosted on frecadsolutions.com and became active on November 6, 2024. Subsequent campaigns utilized slightly altered domain names to evade detection, with campaigns noted on sites like planner5design.net and variations of freecad-solutions.

As detailed in the findings from Silent Push, the malicious actors have orchestrated a well-structured operation. By exploiting vulnerabilities in ad networks, these attackers redirect users from Google ads to malicious websites that offer deceptive software downloads masquerading as CAD tools. The use of tools hosted on trusted platforms such as Bitbucket adds credibility to their malicious links, increasing the likelihood of downloads by unsuspecting users.

Moreover, Silent Push emphasizes that identifying these threats should be simple through basic domain and IP address investigations, yet the attackers continue to operate undeterred, highlighting potential flaws in Google’s ad monitoring capabilities. Research indicates that up to ten distinct campaigns have utilized the same ad infrastructure, showcasing the attackers’ methodical approach.

Technical overview of the IP addresses and domains

The IP addresses involved, 185.11.61.243 and 185.147.124.110, have seen consistent activity with multiple unique domains mapped to them. The first IP address has been active since July 29, hosting over 109 unique domains. Meanwhile, the second IP started its operations on November 25, 2024, and is currently linked to 85 unique domains designed to distribute malware.

On November 14, 2024, a campaign launched on frecadsolutions.cc, utilizing Bitbucket for file hosting. The pattern continued with the appearance of freecad-solutions.net on November 26, which initially linked back to the first IP but later migrated to the second. This illustrates a coordinated effort among the attackers to maintain their operations despite attempting to conceal their tracks through IP switching.

A series of campaigns continued into December, activating domains like rhino3dsolutions.net and planner5design.net, which saw their hosting migrated between the two malicious IPs. The ongoing nature of these attacks raises concerns over the effectiveness of current protective measures against such sophisticated malvertising schemes.
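The domain-and-IP pivot described above can be run against an organisation's own DNS resolution logs. The following is an added example, not code from the article or from Silent Push: the two IP addresses and the domain names come from the article, while the log format, the dates, the order of the IP moves and the example.org row are constructed for illustration.

```python
from collections import defaultdict

# The two hosting IPs named in the article.
CAMPAIGN_IPS = {"185.11.61.243", "185.147.124.110"}

# Constructed resolver log: "<date> <domain> <resolved IP>".
# Dates and the order of IP moves are invented sample data.
SAMPLE_LOG = """\
2024-11-14 frecadsolutions.cc 185.11.61.243
2024-11-26 freecad-solutions.net 185.11.61.243
2024-12-02 freecad-solutions.net 185.147.124.110
2024-12-03 rhino3dsolutions.net 185.147.124.110
2024-12-04 rhino3dsolutions.net 185.11.61.243
2024-12-05 planner5design.net 185.11.61.243
2024-12-09 planner5design.net 185.147.124.110
2024-12-09 example.org 192.0.2.10
"""

def parse(log):
    """Yield (date, domain, ip) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower(), parts[2]

def pivot(log, campaign_ips=CAMPAIGN_IPS):
    """Map each domain seen on a campaign IP to its IPs in first-seen order."""
    hits = defaultdict(list)
    # ISO dates sort chronologically as plain strings.
    for _date, domain, ip in sorted(parse(log)):
        if ip in campaign_ips and ip not in hits[domain]:
            hits[domain].append(ip)
    return dict(hits)

def migrated(hits):
    """Domains that resolved to more than one campaign IP (hosting moved)."""
    return sorted(d for d, ips in hits.items() if len(ips) > 1)

if __name__ == "__main__":
    hits = pivot(SAMPLE_LOG)
    for domain, ips in sorted(hits.items()):
        print(f"{domain:25} {' -> '.join(ips)}")
    print("moved between campaign IPs:", ", ".join(migrated(hits)))
```

Domains returned by `pivot` are candidates for DNS blocking and for a retrospective search of proxy and endpoint download logs; those returned by `migrated` show that blocking by IP alone would have lost track of the domain after the move.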

As for the nature of the threats posed, recent reports suggest that these individuals may also exploit vulnerabilities in web browsers and ad networks, increasing the risk for users who inadvertently click on these ads. The scale and persistence of these campaigns underscore a need for vigilance among graphic design professionals and the general public alike.


Featured image credit: Pankaj Patel/Unsplash
