MEDIUM
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Elastic Security Labs disclosed a new campaign distributing the CastleStealer information stealer via a previously unreported loader dubbed OXLOADER. The campaign uses malicious Google Ads as its initial infection vector. Researchers assess the threat actor is likely Russian-speaking and financially motivated. Users should be wary of sponsored search results for software downloads and verify publisher authenticity before installing.