Hackers are using Google Ads for well-known apps to spread malware

[harlan4096]

In many ways, ads are a frustrating part of the internet’s current primary business operating model. However, beyond the annoying pop-ups and the industrial-scale collection of your personal and private data, there may be more direct threats lurking in the ads you are seeing pop up on the internet sites you visit.



It has been observed that malware operators have been taking advantage of the Google Ads platform to spread malware to users who are looking for popular software products. A report by Guardio Labs has uncovered what the researchers are calling “MasquerAds”, which are targeting organizations, GPUs, and Crypto Wallets.

The campaigns often involve impersonating products such as Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, ?Torrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave.

The Google Ads platform allows advertisers to promote their pages on Google Search, placing them near the top of the results list as advertisements that look like search results. This can lead to situations where users searching for legitimate software may see the promoted page before they see the official website of the project. Since these promoted pages are designed to look similar to actual search results, users may be more likely to click on them without realizing that they are advertisements.

The malicious actors behind the campaigns create fake versions of the official websites for the products they are targeting and then distribute trojanized versions of the software when users click the download button. Some of the malware sent through these campaigns includes variants of Raccoon Stealer, a customized version of the Vidar Stealer, and the IcedID malware loader.

If this sounds like something you would expect the Google Ads platform to detect and block you would be right, but the scammers are using tricks to get around the Google Ads detection measures. The main method, according to Guardio Labs is to have the ads take users to an ordinary-looking site that is free of infectious elements. However, as soon as the victims land on these extra sites, they are automatically redirected to the malicious sites that are built to look as much like the true site for the well-known product or service as possible.

There are several ways to try and keep yourself safe from these types of scams. The first is to familiarize yourself with the types of warning signs you will see when you are looking at a phishing scam or fake link. This anti-phishing infographic will help you with that. Another thing you can do is install an Ad Blocker as it will filter out the promoted links from appearing at the top of your searches.
...

Continue Reading