Hackers have been capitalizing on the growing popularity of the Arc browser by deploying malicious Google search ads to mislead users into downloading malware. The Arc browser, developed by The Browser Company, has recently seen a surge in interest and positive reviews, particularly with the release of its new Windows version. Cybercriminals have created deceptive ads that mimic official Arc promotions, complete with logos and headlines, to lure victims.
When users search for terms like “arc installer” or “arc browser windows,” they encounter ads that redirect them to fake websites. These sites offer a download purportedly for Arc but instead deliver malware. The primary installer, ArcBrowser.exe, contains two executables: one that installs the legitimate Arc software and another that contacts the MEGA cloud platform to initiate further malicious activities.
Researchers found that the malware retrieves additional payloads, including one disguised as a PNG image, which is actually malicious code. This malware uses a legitimate Python executable to inject code into MSBuild.exe, a Windows process, to establish persistence. The malware then communicates with a command and control server via various encoded queries.
The attackers’ sophisticated use of social engineering and brand impersonation highlights the need for heightened vigilance when downloading new software. Users are advised to verify the legitimacy of download sources and be wary of sponsored search results, as even trusted brands can be exploited by cybercriminals. Endpoint Detection and Response (EDR) tools can help detect and mitigate such threats by identifying suspicious activity patterns.
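The PNG-disguised payload described above is one thing a defender can check for directly. The following is an added example, not code from the researchers' report: it walks the chunk structure of a file that claims to be a PNG and reports anything that does not parse as one. The article does not say how the payload was disguised, so the check generalizes to several cases; the function names and all sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png() -> bytes:
    """Constructed 1x1 greyscale PNG used as the known-good sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def inspect_png(data: bytes) -> list[str]:
    """Return findings for a file named *.png; an empty list means it parses cleanly."""
    if not data.startswith(PNG_SIGNATURE):
        kind = "PE executable (MZ header)" if data[:2] == b"MZ" else "unrecognised content"
        return [f"no PNG signature: {kind}"]
    findings, pos, first, seen_iend = [], len(PNG_SIGNATURE), True, False
    while pos < len(data) and not seen_iend:
        if pos + 12 > len(data):
            findings.append("truncated chunk")
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            findings.append(f"chunk {ctype!r} runs past end of file")
            break
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:
            findings.append(f"CRC mismatch in chunk {ctype!r}")
        if first and ctype != b"IHDR":
            findings.append("first chunk is not IHDR")
        first, seen_iend, pos = False, ctype == b"IEND", end
    if seen_iend and pos < len(data):
        findings.append(f"{len(data) - pos} bytes of trailing data after IEND")
    elif not seen_iend and not findings:
        findings.append("no IEND chunk")
    return findings

if __name__ == "__main__":
    # Constructed samples: a clean image, the same image with bytes appended, a renamed PE stub.
    for blob in (sample_png(), sample_png() + b"constructed-trailer", b"MZ" + bytes(62)):
        print(inspect_png(blob) or "ok")
```

A clean result only shows that the container is well formed; it says nothing about what the image data itself encodes.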