The Google Ads platform helps advertisers promote web pages on Google Search.
Post Date – 11:22 AM, Thu – 29 December 22
New Delhi: Hackers have increased their abuse of the Google Ads platform to target users searching for popular software products.
According to Bleeping Computer, the impersonated software products include Grammarly, Slack, Dashlane, Audacity, μTorrent, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and more.
“Threat actors clone the official websites of the aforementioned projects and distribute Trojanized versions of the software when users click the download button,” the report said.
Users looking for an original software product on a browser without an activated ad blocker are likely to click on the malicious link “because it looks very similar to the actual search result”.
Guardio Labs explained: “When targeted visitors visit these ‘fake’ sites, the server immediately redirects them to the rogue site and from there to the malicious payload.”
These rogue sites are virtually invisible to visitors.
If Google detects that a login site is malicious, it blocks the activity and removes the ad.
Malware payloads in the form of ZIP or MSI are downloaded from reputable file sharing and code hosting services such as GitHub, Dropbox or Discord’s CDN.
“This ensures that any antivirus programs running on the victim’s machine will not object to the download,” the report said.
Guardio Labs recently observed a campaign in which threat actors used a Trojanized version of Grammarly to lure users. The malware was bundled with the legitimate software.