Hackers are promoting info-stealing malware through Google Search advertisements, using fake websites to dupe victims into downloading popular software that leads to attackers taking over online accounts.
Cryptocurrency influencer NFT God, or Alex, fell victim to the campaign, claiming that their personal and professional account was compromised, resulting in threat actors infiltrating their Twitter, Substack, Discord, and Gmail. Moreover, it led to the crypto user losing a “life-changing” net worth.
Alex downloaded Open Broadcaster Software (OBS), a popular live-streaming software, via a sponsored Google ad link. According to cybersecurity site BleepingComputer, it was likely a malicious executable that stole their private credentials, passwords, cookies, and cryptocurrency wallets. “Nothing happened when I clicked the EXE,” NFT God states, but Alex was notified a few hours later that their account was hacked.
This isn’t the first instance of hackers using Google ads to employ info-stealing malware, as cybersecurity analysts discovered more fake websites luring unsuspecting victims to download popular software.
Beware of malicious Google ads
Google Search results ads have been hit with malicious download links impersonating free software. Cybersecurity firms and researchers, including Trend Micro, Guardio, MalwareHunterTeam, Will Dormann, and more, discovered several fake websites appearing at the top of search results, even before the official websites.
Earlier this month, Dormann uncovered a fake Notepad++ download that antivirus software picked up, which was spotted in the sponsored section of Google Search. The security researcher also found Blender 3D, an open-source 3D creation suite, to be used in the malware campaign, with one user, Nox Scimitar on Twitter, nearly falling victim. MalwareHunterTeam noted that three malicious ads were found when searching for Blender 3D.
HP’s Wolf Security blog released a list of fake links to avoid, which includes everything from Discord to Slack. BleepingComputer notes that the reported malware-ridden ads have been removed by Google, with the list including 7-Zip, Blender 3D, CCleaner, Notepad++ VLC Media Player, and more. However, cybercriminals are likely to continue using this method to steal a user’s personal information, so it’s a good idea to stay protected.
Avoid being a victim
Google ads are sponsored links before the official results you are looking for. While they may be official, it’s always best to click on the official website that isn’t labelled with “Ad.” Reading the URL is also a good indicator for letting you know if the site is authentic, as suspicious links will have minor complications to look like the official website at a glance but often have a “-” or are spelt differently.
Getting an ad blocker will also keep malicious links from appearing. Ad blockers, such as AdBlock Plus, AdBlock, or uBlock Origin, can be used as browser extensions in Google Chrome, Safari, Microsoft Edge, and more. However, to help stay protected from all kinds of malware, you can also find ad blockers in antivirus software, including Bitdefender, Norton, McAfee, and more. Wondering which antivirus app is best for you? Check out how to choose the best antivirus software.
