A surge of malvertising across Google Ads is distributing dangerous malware

Security researchers (abuse.ch and The Spamhaus Project) observed a surge in Google Ads-based malvertising campaigns that impersonate services like Mozilla Thunderbird and Microsoft Teams to deliver malware (IcedID, MetaStealer) and link to lookalike/typo domains associated with stealers such as Aurora Stealer and Vidar; the actors are using typosquatted and fake domains to evade detection.