"..LOBSHOT then deploys an hVNC module allowing access to the hidden desktop as if they were in front of it. At this point the threat actors have complete control over the device, allowing them to execute commands, steal data, and even deploy further malware payloads and spread laterally to other devices to lead to other attacks.
Dave Ratner, CEO, HYAS had this comment:
“Remote access trojans and other nefarious attacks delivered via Google Ads are becoming more common. While difficult to spot and detect initially, having the visibility into outbound, anomalous communication via Protective DNS solutions can prove critical to identifying these types of attacks and stopping them before they steal data, deploy further malware payloads, and spread laterally through the organization.”. . . ( Read Full Article . . )