>
Scammers are exploiting Google Adwords, the search engine giant’s advertising platform, to distribute malware to people looking for legitimate and popular software.
Google’s security measures are usually robust, but experts found they managed to find a workaround.
The campaign is simple: the crooks clone popular software such as Grammarly, MSI Afterburner, Slack or others, and infect it with an infostealer. In this case, the attackers added Raccoon Stealer and IceID malware loader. Then they would create a landing page where victims would be directed to download the malicious programs. These pages are designed to appear seemingly identical to the legitimate pages.
cheat Google
Then they would create an ad and place it on Google Adwords. That way, someone searching for these programs or other relevant keywords will see the ads in different places (including the top positions on the Google search engine results page).
The trick is that Google’s algorithm is relatively good at spotting malicious landing pages hosting dangerous software. To evade the security measures, the attackers would also create a benign landing page where the ad would send the visitors.
That landing page would then immediately redirect the victims to the malicious one.
Cyber-attack campaigns that use legitimate software to distribute malware are nothing new, but researchers are largely in the dark when it comes to methods of actually getting people to the landing pages. At the end of October, researchers discovered a major campaign involving more than 200 fraudulent domains, but until now no one knew how the domains were being advertised.
Now that the plot has been discovered, Google can be expected to end the campaign quickly (if it hadn’t already).
In addition to the aforementioned apps, the crooks also occurred (opens in new tab) these programs: Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave.
Through: Beeping computer (opens in new tab)