• Admin

Fake Update Ads Steal Your Passwords

Published: December 20, 2021 on our newsletter Security Fraud News & Alerts Newsletter.



We know the cyber-cheats are always out there using every trick in the book to steal our money, identities and whatever else they can get their hands on. So, the next time you’re alerted to a software update, especially one appearing in an online ad, it’s time to step back and take a closer look before tapping “Download.”


This latest “malvertising” (malicious advertising) campaign named Magnat by Cisco Talos, lures unsuspecting users into downloading their disguised “software update.” Both legitimate and malicious ads are running rampant online all the time. Unfortunately, Magnat malware has nothing to do with updating and everything to do with installing their info-stealer.



Magnat’s malvertising campaign is believed to have been continually developed since its discovery in 2018. The now custom, improved malware is being used at this very moment and surely will continue doing damage well into the new year. Magnat uses malvertising fake updates as their Trojan Horse for entering a system. Once inside, Magnat goes to work stealing passwords and much more. With Magnat’s additional malicious features, a ton of PII (personally identifiable information) is up for grabs and we already know it’s landing in the wrong hands.


Magnat’s Additional Features


Magnat’s password stealing ability isn’t all this malvertising campaign offers to squelch your fun. The second feature is a backdoor installer dubbed MagnatBackdoor that infects Windows systems and enables a covert remote desktop protocol (RDP) allowing attackers to control a system remotely from their location. Remote access also allows threat actors entry to the device’s system whenever they want or need.



Magnat’s third and final feature (at least for now) is a malicious Google Chrome extension downloader that’s not found in Google’s Chrome Extension Store. The purpose of this extension is stealing data directly from the Chrome web browser. The extension includes keylogging, taking screenshots, stealing information input on various forms, and hijacking cookies. All the data from these actions are sent back to the cybercriminals who look forward to exacting damage on their victims.



To help keep your data out of the wrong hands, beware any online ads offering updates for a software product you use. Think before you click on these ads unless you’re positive you’ll end up at the legitimate source. It’s better to go to the trusted software update site yourself to see if there’s really an update available, and download it from there. In addition, don’t download browser extensions unless absolutely necessary. They are becoming a popular way to spread malware.


Remember to think before you click, especially when it involves following online ads!


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

2 views0 comments