Technology Tips

June 07, 2024

Beware of This New Malvertising Campaign

Written By Securafy Team

Businesses nationwide have recently switched to the new Arc browser for its shortcuts, previewing ability, and lighter and cleaner design. Having gained monumental traction in such a short period, it competes with longstanding browsers like Google Chrome, Microsoft Edge, and Firefox. However, new malvertising efforts are threatening many companies that are making the switch.

How Hackers Get You

The Browser Company released the Arc browser for MacOS in July of 2023. After a good reception from critics, tech enthusiasts, and everyday users, the company created a Windows version. Windows Arc dropped a few short months ago, but it’s been long enough that many are taking advantage of it, including hackers.

These attackers create fake websites that closely resemble the genuine Arc download page. As part of their malvertising campaign, they use Google Ads exploitation to manipulate vulnerabilities that mislead online searchers.

In doing so, the hackers publish ads that look just as realistic, especially since they display the correct URL, but they lead to phony sites with typosquatted domains instead. These domains are usually slightly off, meaning there’s an extra or missing letter or two that users may not notice.

What Happens If You Fall Victim

If employees download this up-and-coming browser on their work desktops or other devices by following the link from one of these ads, it spells disaster for the business. Hitting the download button instantly triggers a trojanized installer from MEGA, a cloud file hosting and storage service. The installer hides a harmful code within a PNG file with this malware payload.

Because of its unique packaging, it seems deceptively innocent to the victim. Unfortunately, they’re not since they allow an external server to make commands, which causes many cybersecurity professionals to believe they’re using it as an information stealer.

MEGA’s command and control center makes sending and receiving data easy, which can place companies at risk. Competitors use this to steal a company’s sensitive information and ruin their reputation. Others conduct a ransomware attack, asking for money before releasing the data back to the business.

What You Can Do To Protect Your Company

If your company is considering trying out the new Arc browser on Windows, the best way to protect your business in the process is by teaching your employees good online habits. For instance, remind them never to download the app from an ad link as they can lead to faux websites. But since they can still find bad sites with a simple Google search, they should also refrain from Googling the browser's name.

Instead, warn them to type in the accurate URL link into the address bar and double-check for typos before hitting enter. As the owner of your business, you should also use ad blockers to avoid malicious ads popping up and use antivirus software to scan all downloads for malware.

You can keep your brand, employees, and consumers safe by keeping an eye out for suspicious activity and staying current on the latest malvertising tactics.

Picture of Securafy Team
About The Author

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.