Site icon TechNewsBoy.com

Google AdWords is being hijacked by scammers

Scott Marlette

Scammers are abusing Google Adwords, the search engine giant’s advertising platform, to spread malware to people looking for legitimate and popular software.

Google’s safety measures are usually robust, but experts found that they managed to employ a workaround.

The campaign is simple – the crooks would clone popular software such as Grammarly, MSI Afterburner, Slack, or others, and infect them with an infostealer. In this case, the attackers were adding Raccoon Stealer, and IceID malware loader. Then, they would create a landing page where the victims would be sent to download the malicious programs. These pages were designed to look seemingly identical to the legitimate ones.

Tricking Google

Then, they would create an ad and place it on Google Adwords. That way, whenever someone searches for either these programs or other relevant keywords, they’d see the ads in various places (including the top positions on the Google search engine results page). 

The trick is that Google’s algorithm is relatively good at spotting malicious landing pages hosting dangerous software. To bypass the security measures, the attackers would also create a benign landing page to which the ad would send the visitors. 

That landing page would then immediately redirect the victims to the malicious one. 

Cyberattack campaigns that leverage legitimate software to distribute malware are nothing new, but researchers have mostly been in the dark when it comes to methods to actually get people to the landing pages. In late October, researchers discovered a major campaign with more than 200 fraudulent domains, but up until today, no one knew how the domains were advertised.

Now that the plot has been discovered, Google can be expected to swiftly terminate the campaign (if it hadn’t done that already).

Besides the abovementioned apps, the crooks were also impersonating (opens in new tab) these programs: Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version