Google website on iPhone

Hackers are promoting info-stealing malware through Google Search advertisements, using fake websites to dupe victims into downloading popular software that leads to attackers taking over online accounts.

Cryptocurrency influencer NFT God, or Alex, fell victim to the campaign, claiming that their personal and professional account was compromised, resulting in threat actors infiltrating their Twitter, Substack, Discord, and Gmail. Moreover, it led to the crypto user losing a “life-changing” net worth. 

Alex downloaded Open Broadcaster Software (OBS), a popular live-streaming software, via a sponsored Google ad link. According to cybersecurity site BleepingComputer, it was likely a malicious executable that stole their private credentials, passwords, cookies, and cryptocurrency wallets. “Nothing happened when I clicked the EXE,” NFT God states, but Alex was notified a few hours later that their account was hacked. 

This isn’t the first instance of hackers using Google ads to employ info-stealing malware, as cybersecurity analysts discovered more fake websites luring unsuspecting victims to download popular software.

Beware of malicious Google ads

Google Search results ads have been hit with malicious download links impersonating free software. Cybersecurity firms and researchers, including Trend Micro, Guardio, MalwareHunterTeam, Will Dormann, and more, discovered several fake websites appearing at the top of search results, even before the official websites.

Earlier this month, Dormann uncovered a fake Notepad++ download that antivirus software picked up, which was spotted in the sponsored section of Google Search. The security researcher also found Blender 3D, an open-source 3D creation suite, to be used in the malware campaign, with one user, Nox Scimitar on Twitter, nearly falling victim. MalwareHunterTeam noted that three malicious ads were found when searching for Blender 3D. 

Blender 3D fake Google Search ad with malware
Blender 3D Google ads (via Nox Scimitar)

HP’s Wolf Security blog released a list of fake links to avoid, which includes everything from Discord to Slack. BleepingComputer notes that the reported malware-ridden ads have been removed by Google, with the list including 7-Zip, Blender 3D, CCleaner, Notepad++ VLC Media Player, and more. However, cybercriminals are likely to continue using this method to steal a user’s personal information, so it’s a good idea to stay protected.

Avoid being a victim

Google ads are sponsored links before the official results you are looking for. While they may be official, it’s always best to click on the official website that isn’t labelled with “Ad.” Reading the URL is also a good indicator for letting you know if the site is authentic, as suspicious links will have minor complications to look like the official website at a glance but often have a “-” or are spelt differently.

Getting an ad blocker will also keep malicious links from appearing. Ad blockers, such as AdBlock PlusAdBlock, or uBlock Origin, can be used as browser extensions in Google Chrome, Safari, Microsoft Edge, and more. However, to help stay protected from all kinds of malware, you can also find ad blockers in antivirus software, including BitdefenderNortonMcAfee, and more. Wondering which antivirus app is best for you? Check out how to choose the best antivirus software

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.


Please enter your comment!
Please enter your name here