Malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
One campaign used a Google ad promoting, for example, a fake Cisco AnyConnect Secure Mobility Client download hosted on the domain “appcisco[.]com”.
This site delivered a trojanized MSI installer. It installs the original application the user wanted, but also installs different malware alongside it.