Trojanized PyCharm Software Version Delivered via Google Search Ads

Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads.

“Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible to people doing a Google search for it,” Jérôme Segura, director of threat intelligence at Malwarebytes, said in a report.

“Victims who clicked on the ad were taken to a hacked web page with a link to download the application, which turned out to install over a dozen different pieces of malware instead.”

Trojanized PyCharm Software

As a result, a threat actor with capabilities to alter the website’s content could also make the ad campaigns a lucrative tool for abuse, effectively serving Google Search users ads that can result in unintended behavior.

“What happened here is Google Ads dynamically generated this ad from the hacked page, which makes the website owner an unintentional intermediary and victim paying for their own malicious ad,” Segura explained.

The development comes as Akamai detailed the infrastructure behind a sophisticated phishing campaign targeting hospitality sites and their customers.

“The campaign is a global threat, with a notable amount of DNS traffic seen in Switzerland, Hong Kong, and Canada,” the company said.