
A new malware loader called OXLOADER uses malicious Google Ads to deliver CastleStealer. The campaign, codenamed REF8372, targets users searching for "lts version of node.js" with fake ads. The loader employs multiple obfuscation layers and abuses the Windows .reloc section to stage shellcode. The advertiser account was removed from Google on May 14, 2026.
Summary by ByteBrief