GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms

Cybersecurity researchers have uncovered a sophisticated malware campaign that uses paid search ads and manipulated GitHub links to deliver malicious payloads, targeting Western European IT and software firms. The campaign employs evasion techniques such as encrypted payloads and GPU-based decryption routines, posing a significant threat to organizations.

Key points

  • The campaign uses paid Google ads and altered URLs to trick users into downloading malware.
  • The first-stage malware is a 128 MB MSI file employing GPU-based encryption techniques to evade detection.
  • The attack chain involves Visual Basic Scripts, PowerShell, and administrator-level actions for persistence.
  • The threat actors show Russian-language influence and may deploy cross-platform payloads like Atomic macOS Stealer.
  • Exploiting GitHub commits and Google Ads allows attackers to mimic legitimate repositories and deliver malicious content effectively.

Read More: https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html