The malware downloader BATLOADER has been observed abusing Google ADs to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity researchers, malicious ads are used to spoof a wide range of legitimate apps and services, such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, is a loader responsible for distributing next-stage malware such as information stealers, banking malware, Cobalt Strike, and even ransomware.
See: https
