Recently, many hackers have taken advantage of the Google Ads platform to spread malware to users looking for applications. The malware can later steal user data.
The applications impersonated by the hackers include MSI Afterburner, Grammarly, Dashlane, Slack, Malwarebytes, OBS, Ring, Audacity, AnyDesk, TeamViewer, Thunderbird, Brave, LibreOffice, and Torrent.
These actors create clones of the applications’ websites and trick users into downloading trojanized versions of the applications, which can later steal the user’s data.
How do hackers take advantage of loopholes in Google Ads?
As you know, the Google Ads platform is an advertising platform that can be used to promote pages on Google search. Google Ads will place ads in the first position and often above the official sites you are looking for.
That is, when someone searches for an application such as OBS, Google Ads will place ads related to OBS in the first position and the official OBS website in the second position.
Users who don’t use ad blockers will naturally think the top advert is the official site of the app they’re looking for. With such loopholes, hackers try to trick many users.
The main trick is to create a clone of the official website of the application the user is looking for. Google itself will remove ads if the advertised site looks suspicious.
According to a Guardio Labs report, these hackers get around this by having potential victims click through to a fake site that is clean of viruses, which then automatically redirects them to a fake page for the application they are looking for.
The fake sites that carry the viruses are not detected by bots and other forms of virus prevention because they can only be reached by going through the clean site first.
The download itself comes as a ZIP or .MSI file that has been uploaded to large sites such as GitHub, Dropbox, or Discord’s CDN. This is so that the antivirus on the user’s PC does not block the download of the malware.
The malware works the same as the original application, with the difference that it also installs other programs such as Raccoon Stealer or RedLine Stealer onto the user’s device to steal data such as email, passwords, and even credit card data.
How to Avoid Malware from Google Ads
The safest way to avoid these fake ads is to understand which apps to look for and scan downloaded files on sites like VirusTotal. That way, we will know whether the application has a virus or not.
Another way is to scroll past the ads first and choose the official site, so that users avoid the dangerous malware. Apart from that, if the downloaded installer has an unreasonable size, it is very likely that the application is malware.
The last way is to look at the site address before downloading the application. If the address looks odd or has letters swapped out of place, it is most likely a fake site.
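The address check described above can be automated; the following is an added example, not part of the original article. It flags addresses that are a near miss of an official domain (including swapped adjacent letters) or that embed the brand name in another domain. The `OFFICIAL` allowlist, the function names and the sample addresses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; build your own from each vendor's documentation.
OFFICIAL = {"obsproject.com", "anydesk.com", "slack.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def classify(url: str, max_edits: int = 2) -> str:
    """Return 'official', 'lookalike of <domain>' or 'unknown' for a site address."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for dom in OFFICIAL:
        # Exact match or a genuine subdomain of an allowlisted domain.
        if host == dom or host.endswith("." + dom):
            return "official"
    # Naive registrable domain: last two labels (assumes no co.uk-style suffixes).
    base = ".".join(host.split(".")[-2:])
    for dom in sorted(OFFICIAL):
        brand = dom.split(".")[0]
        # Near miss of the official name, or the brand embedded in another domain.
        if 0 < osa_distance(base, dom) <= max_edits or brand in host:
            return f"lookalike of {dom}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real campaign.
    for u in ("https://obsproject.com/download",
              "https://obsporject.com/download",
              "https://anydesk.com.downloads-example.net/setup",
              "https://example.org/tool.zip"):
        print(f"{classify(u):28} {u}")
```

A result of "unknown" only means the address is neither allowlisted nor a close imitation of an allowlisted name; it says nothing about whether the site is safe.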