Google Ads Push Malicious CPU-Z App From Fake Windows News Site
A threat actor has been using Google Ads to distribute a trojanized version of the CPU-Z tool that delivers the Redline info-stealing malware. The campaign runs a malicious advertisement for the trojanized tool, hosted on a cloned copy of the legitimate Windows news site WindowsReport. Users who click on the ad are redirected to this fake Windows news site, where they are prompted to download a digitally signed CPU-Z installer. The installer contains a malicious PowerShell script known as the 'FakeBat' malware loader, which then fetches the Redline Stealer payload, a powerful info-stealing malware capable of collecting passwords, cookies, browsing data, and sensitive information from cryptocurrency wallets. Users are advised to be cautious when clicking on promoted Google search results and to verify the legitimacy of the website before downloading software tools.
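As an added example (not code from the article), a small Python check that flags ad landing pages whose domain imitates the legitimate WindowsReport site and that hand out an installer directly, the pattern the campaign relied on; the homoglyph table, the two-label registered-domain rule and the sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlparse

# Legitimate site named in the article; the campaign served a cloned copy of it.
LEGIT_DOMAIN = "windowsreport.com"
INSTALLER_EXT = (".exe", ".msi", ".zip")
# Constructed, illustrative homoglyph table (not exhaustive).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def normalize_label(label: str) -> str:
    """Fold a label to ASCII lowercase, drop hyphens, collapse common lookalike glyphs."""
    folded = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    folded = folded.lower().replace("-", "")
    for fake, real in HOMOGLYPHS:
        folded = folded.replace(fake, real)
    return folded

def registered_domain(host: str) -> str:
    """Last two labels (assumption: no public-suffix list, so co.uk-style TLDs are not handled)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches single-character typos such as a dropped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_url(url: str) -> dict:
    """Classify an ad landing URL as legitimate / lookalike / unrelated, and flag
    URLs that hand out an installer directly, as the fake CPU-Z page did."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    reg = registered_domain(host)
    legit_brand = normalize_label(LEGIT_DOMAIN.split(".")[0])
    brand = normalize_label(reg.split(".")[0])
    if reg == LEGIT_DOMAIN:
        verdict = "legitimate"
    elif legit_brand in brand or edit_distance(brand, legit_brand) <= 2:
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"host": host, "verdict": verdict,
            "direct_installer": parsed.path.lower().endswith(INSTALLER_EXT)}
```

A lookalike verdict combined with a direct installer link is the combination worth blocking or alerting on at the proxy; a legitimate verdict on its own is not a guarantee, since the ad itself is the first hop.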