RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.

The latest campaign was uncovered by Trend Micro, who have followed RomCom since the summer of 2022. The researchers report that the threat actors behind the malware have escalated its evasion by using payload encryption and obfuscation and expanded the tool’s capabilities by introducing new and powerful commands.

Most websites used for distributing RomCom to victims concern remote…