Hackers Turn To Google Search Ads To Push Info-Stealing Malware

November 15, 2023

Imagine you are an influencer who wants to reach a new audience and have some fun doing it, so you decide to try streaming games. You search Google for OBS, the free streaming software, click the result at the top of the page (a sponsored ad, though it looks like any other result), download and install it, and stream for a few hours. Everything goes well: you gain a bunch of new followers and head out to pick up your significant other from the ferry.

On the way there, messages start arriving that your Twitter account has been hacked. You open the app on your phone and see that it is true. Then another message: you have "gifted" an expensive NFT worth thousands of dollars, along with all of your cryptocurrency, and the attackers have taken over your newsletter and used it to try to scam your community.

This sounds like a nightmare, especially when your livelihood and reputation are at stake. Yet it happened to Alex, known on Twitter as NFT God: the "OBS" he downloaded from a sponsored search result was info-stealing malware. He is just one prominent victim of attackers pushing stealers through Google Ads, and he was vocal about it, while many victims are not.

Google is Filled With Malware Ads

After the OBS case, people started looking for other instances of malware being spread through Google ads, and there were plenty to find. Rufus, a free tool for creating bootable USB drives, is one example. The ad at the top of the results page pointed to "ruffus.pro": the name carried an extra letter, and the ".pro" top-level domain suggested a premium version with more features. There is no pro version of Rufus, and the genuine project publishes its releases on GitHub. As for the malware, many antivirus engines never scanned it, because the download had been padded into an oversized archive (an "archive bomb") larger than what many scanners are willing to inspect.

Notepad++, the popular code editor, was another target. Researchers then found malicious ad look-alikes sitting above the organic results for VLC Media Player, WinRAR, 7-Zip, CCleaner, Blender 3D, CapCut and many other well-known programs; the number of impersonated brands eventually exceeded 70.

The downloads carried a range of payloads, among them RedLine Stealer, SectopRAT, Vidar and BatLoader. BatLoader is a loader that stages further malware; the stealers collect cryptocurrency wallet data, hardware and system information, and whatever the browser has saved, including autofill data, credit card numbers and login credentials, along with session cookies that let the attacker reuse already logged-in sessions.

Google removed the ads and stated that it works to prohibit impersonation in advertising. Yet the same thing happened again recently: a malvertising campaign impersonated KeePass, the free password manager, using a Punycode look-alike domain in which the "k" of keepass.info was replaced with "ķ" (a k with a cedilla), so the domain in the ad looked correct at a glance.

What’s The Solution?

Because these ads sit above the organic results and look like them, the first step is to stop seeing them: install an ad blocker in your browser, or simply skip the sponsored results and use the first organic link. On a desktop this is easy. On a phone it is harder but not impossible: mobile browsers that support content blockers or extensions can filter ads, and some VPN providers bundle an ad blocker with their subscription. Google Play policy does not permit apps that block ads inside other apps (ads are Google's primary source of revenue), so such a VPN app may have to be installed from the provider's own website as an APK rather than from Google Play. If you go that route, apply the same caution this article is about: sideloading an APK found through a search result is exactly the channel these campaigns abuse, so type the provider's address yourself and download only from that domain. Better still, when your operating system or package manager can install the software you need, use it instead of a search engine.

Next, follow basic security practices. Here are some tips to get you started:

  • Pay attention to URLs. Attackers can copy a trusted website pixel for pixel but cannot use its real domain, so the domain is what you check. Read it letter by letter: look for extra or missing letters (ruffus.pro), a different top-level domain (.co or .pro instead of .com), a trusted name buried inside a longer host (obsproject.com.example.net), and accented or look-alike characters, which appear as an "xn--" label when you paste the address into a plain text editor. Do not treat the padlock or "https" as a sign of legitimacy: it only means the connection is encrypted, and malicious sites obtain TLS certificates as easily as legitimate ones. Finally, the domain shown in a sponsored result is not necessarily where the click lands; ads can display one address and redirect to another, so check the address bar after the page loads and before you download anything.
  • Be careful with email attachments and links. Phishing mostly arrives by email, so by default do not open attachments or click links from your inbox. If you must, check the sender's actual address (not just the display name) for extra letters or an unfamiliar domain, and look for typos or anything else that seems off. No customer service representative will ever ask for your password or full credit card details.
  • Use 2FA, and understand its limits. Multi-factor authentication makes an account harder to take over with a stolen password alone: at login you must also supply a one-time code from an authenticator app or an SMS message. Prefer an authenticator app or a hardware security key over SMS, which can be defeated by SIM swapping. Also note what 2FA does not do: the stealers in these campaigns copy the browser's session cookies, which let the attacker use your already-authenticated sessions without ever seeing a login prompt. That is how accounts protected by 2FA still get hijacked. If you suspect an infection, sign out of all sessions on each service and change your passwords from a clean device.
  • Think before you click. Results pages can be manipulated, and ads are designed to manipulate you; an offer that looks too good to be true is bait. Use common sense and do a bit of research when something seems out of the ordinary.
  • Do not open shortened links. Friends and family get hacked too, and attackers use compromised accounts to send shortened links because a message from someone you know gets clicked. If you get a DM with a random link out of nowhere, contact the sender through another channel and confirm it is genuine. All it takes is one click.
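The domain checks described above (an extra letter as in ruffus.pro, a swapped top-level domain, a trusted name buried in a longer host, and an accented look-alike hidden behind a Punycode "xn--" label as in the KeePass campaign) can be automated. The script below is an added example written for this article, not code from any of the projects mentioned. It assumes a small allowlist of genuine domains (constructed here from the tools the article names), folds Punycode and diacritics to a plain ASCII "skeleton", and compares the registrable name against the allowlist. Two simplifications are deliberate: the registrable name is taken as the last two labels rather than via the Public Suffix List, and only diacritics are folded, not the full Unicode confusables table. The sample URLs are constructed in the patterns the article describes.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: the genuine sites of some of the tools the article names.
# A real deployment would maintain its own list (assumption for this example).
TRUSTED_DOMAINS = (
    "obsproject.com",
    "rufus.ie",
    "notepad-plus-plus.org",
    "keepass.info",
    "videolan.org",
)


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(host: str) -> str:
    """Decode Punycode (xn--) labels and strip diacritics, so that
    'xn--eepass-vbb.info' (ķeepass.info) folds to 'keepass.info'."""
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # host already contains non-ASCII characters; nothing to decode
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def analyze(url: str, trusted=TRUSTED_DOMAINS) -> dict:
    """Classify the host of a URL against the allowlist of genuine domains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    folded = skeleton(host)
    result = {"host": host, "folded": folded, "verdict": "unknown", "impersonates": None}

    # Exact domain or a genuine subdomain, compared before any folding.
    for t in trusted:
        if host == t or host.endswith("." + t):
            result["verdict"] = "trusted"
            return result

    # Assumption: registrable name = last two labels (no Public Suffix List).
    labels = folded.split(".")
    sld, tld = (labels[-2], labels[-1]) if len(labels) >= 2 else (folded, "")

    for t in trusted:
        tsld, ttld = t.rsplit(".", 1)
        if folded == t or folded.endswith("." + t):
            verdict = "idn-homoglyph"      # matches only after decoding look-alike letters
        elif ("." + t + ".") in ("." + folded + "."):
            verdict = "subdomain-trick"    # obsproject.com.evil.net
        elif sld == tsld and tld != ttld:
            verdict = "tld-swap"           # rufus.pro instead of rufus.ie
        elif levenshtein(sld, tsld) == 1:
            verdict = "typosquat"          # ruffus.pro: one extra letter
        else:
            continue
        result.update(verdict=verdict, impersonates=t)
        return result
    return result


if __name__ == "__main__":
    # Constructed sample URLs in the patterns the article describes.
    for sample in (
        "https://obsproject.com/download",
        "https://ruffus.pro/download",
        "https://rufus.pro/",
        "https://xn--eepass-vbb.info/download",
        "https://obsproject.com.evil.net/setup.exe",
    ):
        print(analyze(sample))
```

Running it prints one verdict per sample URL. The "idn-homoglyph" case is the one that defeats a visual check entirely: the browser may render the decoded name with a barely visible mark under the first letter, which is why the script folds to the ASCII skeleton before comparing.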
