Impostor Scams: How Hackers Exploit Google Search Ads
Impostor Scams: How Hackers Exploit Google Search Ads
Phishing links and malware are a familiar threat to anyone who browses the internet. Still, sophisticated attacks can catch even the most security-minded users off guard. And nothing’s more sophisticated than impersonating Google on Google’s own platform.
In a recent malicious advertising campaign, hackers purchased “Sponsored” Google Search ad space to advertise a false Google Authenticator download link. Anyone who searched for “Google Authenticator” could come across this advertisement, which looked perfectly legit and appeared to utilize the URL “www.google.com .”
Upon clicking the ad, victims were met with a convincing clone of the Google Authenticator website with the URL “www.chromeweb-authenticators.com .” Pressing the prominent “Download Authenticator” button on this website triggered a download for “Authenticator.exe,” an executable hosted on GitHub and signed by a developer. The source of this executable, plus the fact that it was signed, meant that there was no scrutiny from victims’ web browsers or Windows Defender antivirus.
The executable was actually an info-stealer malware called DeerStealer. Malwarebytes caught wind of the malicious advertising campaign and promptly contacted Google, which removed the offending ad from its platform.
Malwarebytes
As for how this happened—well, it’s really quite simple. Google accidentally sold ad space to hackers. In a conversation with Bleeping Computer , the company said that hackers bypassed human and automated quality control systems by “using text manipulation and cloaking to show … different websites than a regular visitor would see.”
Most people know better than to click random ads. The problem, of course, is that Google’s “Sponsored” search results aren’t traditional advertisements. They’re designed to be relevant to whatever topic you’re searching, and they’re often utilized by legitimate companies that want to be featured more prominently in Google Search. Even if you realize that a search result is “Sponsored,” it may be exactly what you were trying to find.
In this case, victims were searching for a Google product on a Google website. They found an ad for the product and clicked it, because why wouldn’t they?
This isn’t the first time that Google’s advertising platform has been utilized for malware distribution or phishing. In fact, fighting malware has been a decades-long struggle for Google, and it will inevitably continue to be a struggle in the future. (This is despite the fact that, historically speaking, Google is the most proactive in removing malware from its ad platform and search engine.)
We suggest that you avoid clicking “Sponsored” results in Google Search. This may be easier said than done, as it’s difficult to distinguish these ads from normal search results.
Source: Malwarebytes via Bleeping Computer
Also read:
- [New] 2024 Approved Insider's Guide to Powerful Win10 Habits
- [New] Boosting Video Scale in YouTube Recordings
- [New] In 2024, Best Templates, No Cost! Explore Premiere Pro Samples (FREE)
- [New] Premium Collection of Animated Texts
- [New] Unveiling VR's Elite Accessories (Top 10) for 2024
- [Updated] Beyond Code The Story of Virtual Reality
- [Updated] Complete Visual Field Review with Cam
- [Updated] Easy-to-Navigate Top 10 YouTube Downloader Tools
- [Updated] In 2024, From Components to Creativity Building a Professional 4K PC
- [Updated] Step-by-Step Process to Get a Clean Canvas in Figma
- 2024 Approved Draft Satirical Graphics for Giphy Use
- Getting the Sound Back: Fixing Inactive Mics in Oculus Quest 2 Headsets
- In 2024, Crafting Your Dream Minecraft House with Ease
- In 2024, Is Your iPhone 15 Plus in Security Lockout? Proper Ways To Unlock
- Overcoming Early Access Obstacles: Fixing 'Valheim Won't Launch' Problems Releases
- Prime Retro Elements Reviving Classic VHS Tricks for 2024
- Step-by-Step Guide: Disabling iOS Push Alerts and Hiding Lockscreen Notifications
- Still Using Pattern Locks with Meizu 21 Pro? Tips, Tricks and Helpful Advice
- Vivid Vistas in Video A Closer Look at LG's Monitor, 31MU97-B for 2024
- Title: Impostor Scams: How Hackers Exploit Google Search Ads
- Author: Edward
- Created at : 2025-01-11 16:51:38
- Updated at : 2025-01-17 18:39:14
- Link: https://vp-tips.techidaily.com/impostor-scams-how-hackers-exploit-google-search-ads/
- License: This work is licensed under CC BY-NC-SA 4.0.