Hackers increase abuse of Google Ads platform to target users


New Delhi, Dec 29 (IANS): Hackers have increased their abuse of the Google Ads platform to target users searching for popular software products.

Among the software products being impersonated include Grammarly, Slack, Dashlane, Audacity, ITorrent, AnyDesk, Libre Office, Teamviewer, Thunderbird, and more, reports Bleeping Computer.

"The threat actors clone official websites of the above projects and distribute trojanised versions of the software when users click the download button," the report mentioned.

The Google Ads platform helps advertisers promote pages on Google Search.

Users looking for original software products on a browser without an active ad blocker are likely to click on malicious links "because it looks very similar to the actual search result".

"The moment those 'disguised' sites are being visited by targeted visitors, the server immediately redirects them to the rogue site and from there to the malicious payload," explained Guardio Labs.

Those rogue sites are practically invisible to visitors.

If Google detects that the landing site is malicious, the campaign is blocked and the ads are removed.

The malware payload, which comes in ZIP or MSI form, is downloaded from reputable file-sharing and code-hosting services such as GitHub, Dropbox, or Discord's CDN.

"This ensures that any anti-virus programmes running on the victim's machine won't object to the download," the report mentioned.

Guardio Labs recently observed a campaign where the threat actor lured users with a trojanised version of Grammarly. The malware was bundled with the legitimate software.

 

  

Top Stories


Leave a Comment

Title: Hackers increase abuse of Google Ads platform to target users



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.