Malicious Notepad++ Google ads evade detection for months

Cyber criminals are running a Google Search malvertising campaign targeting users downloading Notepad++. Threat actors create fake websites for distributing malware, exploiting Google Ads to promote these sites. Malwarebytes, which spotted the campaign, believes that victims might unknowingly be downloading Cobalt Strike, a malicious software that often precedes damaging ransomware attacks. Once victims click on the ads, they are redirected to a fake site mimicking the real Notepad++ site, and given malicious download links.