Malicious Google ads have been leveraged by threat actors to target employees of U.S. home improvement retail chain Lowe's as part of a new malvertising campaign, Cybernews reports.
Attacks involved the creation of several ads redirecting to spoofed versions of Lowe's MyLowesLife employee portal in a bid to compromise credentials from current and former workers, according to a report from Malwarebytes Labs. Threat actors also sought to evade hosting provider and domain registrar detection by using artificial intelligence-generated templates to establish the phishing sites. After seeking targets to input their sales numbers and passwords that are later exfiltrated, such phishing sites prompt users to answer a security question before redirecting to the legitimate MyLowesLife website that will ask for another login, said Malwarebytes researchers. Google has since removed the malicious ads, noted researchers, who urged all workers looking to use their respective employee portals to search their company's official website or bookmark the portal rather than using sponsored search results.
