A threat actor registered typosquatting domains masquerading as legitimate IP scanner software and leveraged Google Ads to distribute a new backdoor named MadMxShell. The backdoor uses techniques like DLL sideloading and DNS tunneling for command and control.
