Rufus malvertising campaign (12-13-2025)
- Description: Malicious Google Search ad for Rufus
- Severity: Medium
- Reporter: Jérôme Segura
- Reported to Google: 12/13/2025
Google Search Ad
Traffic view
Decoy page
IOCs
| Fake page | hxxps[://]codirufus-usb[.]com/ |
| Payload URL | hxxps[://]www[.]dropbox[.]com/scl/fi/8295tc67gjshse8zy66r3/rufusie-849120[.]zip |
| Payload SHA256 | 76de5d94805b05ba9aa026bf78f8466f7f41288dd2e11280ccbe67208c766283 |
