Thehackernews
New OXLOADER Malware Uses Google Ads to Deliver CastleStealer Infostealer
A new Windows loader named OXLOADER has been identified, utilizing advanced obfuscation techniques to evade detection. This malware delivers the CASTLESTEALER infostealer through malicious Google Ads that impersonate legitimate software like Node.js and API Monitor. Victims are redirected through intermediary domains to download and execute OXLOADER via Storj-hosted batch scripts. The campaign highlights the increasing sophistication of malware delivery methods, particularly through malvertising. As of now, there are no reported numbers of affected users or organizations. Security professionals are advised to remain vigilant against such threats. The current status of the malware is active and ongoing.
Key Points:
• OXLOADER employs advanced obfuscation to evade detection and analysis.
• The malware is delivered via malicious Google Ads impersonating legitimate software.
• CASTLESTEALER infostealer is the primary payload of the OXLOADER malware.