Beware of Malvertising Attacks Targeting Arc Browser’s Windows Launch

Arc, a web browser known for its innovative user interface, made its debut on macOS in July 2023 and quickly won praise from both tech enthusiasts and critics. Building on this success, the much-anticipated Windows version of Arc was recently released. 

Malicious Google ads for Arc (Source: Malwarebytes)

However, the launch has also drawn the unwanted attention of attackers who are exploiting Google Ads to to distribute trojanized installers, infecting users with malware payloads. Find out how you can stay safe below!

Google Ads Exploited in Malvertising Campaign

During the Windows launch of Arc, cybercriminals orchestrated a sophisticated malvertising campaign. According to Malwarebytes, these cybercriminals took advantage of Google’s ad platform – a service with known vulnerabilities that previously have been manipulated to mislead users of Amazon, Whales Market, WebEx, and YouTube. 

This time, the attackers published ads that appeared legitimate, featuring the correct URLs for downloading the Arc browser. However, clicking these ads redirected potential users to fake websites that mimicked the authentic Arc download page.

The Mechanics of the Malware Infection

On these deceptive sites, when visitors clicked the “Download” button, they unknowingly initiated the download of a trojanized installer from the MEGA hosting platform. This installer not only fetched a malicious PNG file containing harmful code but also downloaded a deceptive executable file, ‘bootstrap.exe’, from an external source. 

Trojanized Arc installer (Source: Malwarebytes)

This file was key to retrieving and launching the final malware, ‘JRWeb.exe’, directly onto the user’s system. Moreover, there was an additional complex attack chain noted where a Python executable was used to secretly insert code into the ‘msbuild.exe’ process, enabling the malware to execute commands fetched from an external server. 

These activities suggest that the ultimate goal of these attacks might be to steal sensitive information, although this has yet to be confirmed definitively. Despite the Arc browser installing correctly, the simultaneous running of these malicious files could go unnoticed by users, leaving their devices compromised. 

How to Stay Safe

Here is how you can protect yourself from malvertising threats:

• Avoid Promoted Search Results: Steer clear of advertised search results related to the Arc browser, as they could lead to malicious sites.

• Use Ad Blockers: Install a high-quality ad blocker to reduce the risk of encountering deceptive ads.

• Download from Trusted Sites: Only use well-known, trusted websites for downloading Arc to ensure the installer is legitimate.

• Scan All Downloads: Use reliable antivirus software to scan any downloads for malware before installation.

Related Reads: 

• The Rise of Malvertising Attacks by FIN7
• Fake IP Scanner Software Advertised on Google Ads Contains Malicious Backdoor