The DEV-0569 threat actor was found abusing Google Ads in ongoing advertising campaigns to deploy malware, exfiltrate victims’ passwords, and breach networks for ransomware attacks. Some of the top programs impersonated by adversaries are Rufus, 7-Zip, FileZilla, LightShot, AnyDesk, LibreOffice, VLC, Awesome Miner, WinRAR, and TradingView.