Recently Bing announced their AI-Image Generator which created a buzz on social media as it helped to create attractive images for social media handles, utilizing the interest. Bad actors took advantage and ran sponsored ads of a website leading to download a malicious file.

Analysis of Sponsored Ads Campaigns

We analyzed transparency of Pages running Ads Campaign and determined unusual name changes. We also found that Pages are being handled from Bangladesh, Afghanistan, Vietnam, and Indonesia.

A screenshot of a page transparency

Description automatically generated

Analysis of Malicious file

The link given in Ad Campaign redirects the user to a malicious website leading to download a compressed archive containing malicious file.

We scanned the downloaded malicious file and found that it was infected with Adware named trojan.extenbro/meka

What is Extenbro Trojan?

ExtenBro is a DNS changing Trojan that blocks users from accessing security sites to prevent them from downloading antivirus software. When installed, a scheduled task will be created that automatically launches the Trojan on startup and redirects the user to more malicious websites, and  displays Ads popup which may used for Cookies, Password stealing and to install a spyware.

A screenshot of a computer

Description automatically generated

How to avoid getting infected

To prevent the Extenbro virus or similar browser-based threats, consider the following general security practices:

Verify Legitimacy:

Verify the legitimacy of  websites/pages before clicking them.

Be Cautious with Downloads:

Avoid downloading files or software from untrusted sources. Stick to official websites for downloads.

Browser Updates:

Ensure that your web browser is up to date. Browser updates often include security fixes that help protect against various threats.