th3_protoCOL, #malvertising themed around the gaming app "parsec"
Initial fake site: parsecus[.]net
Malware downloaded from: parsecworks[.]com
Digitally signed malware "parsec-windows.exe"
Both the distribution site and download url are hosted on 93.190.143.252
Google displaying malware ads above the true website for parsec
Screenshot of virus total, 3/63 vendors are detecting the file
Malware with a digital signature from SSL.com, signed 2 days prior on the 19th
Add comment