Fake Google ads can lead you to download malware

2023-01-16
Mirsad

Malicious Google ads, also known as "malvertising," are ads that have been designed to infect a user's computer with malware. These ads can appear on any website that uses Google's advertising network, including popular sites like YouTube and Gmail. Cybercriminals are tricking unsuspecting users into downloading malware that steals personal information by using malicious Google ads and web pages.

One common tactic used by attackers is to create a fake ad that looks like a legitimate download or update for a popular piece of software.

Another tactic is to use exploit kits, which are tools that exploit vulnerabilities in a user's web browser or computer to install malware without their knowledge. Some exploit kits even use browser or operating system vulnerabilities that are not yet publicly known, known as zero-day vulnerabilities, to increase the chance of successful attacks.

Here is one example that we detected recently:

The ad will be displayed if you search for "obs download" or similar keywords.

OBS (Open Broadcaster Software) is free and open source software for video recording and live streaming.

When the victim clicks on that ad, they are redirected to obsproect[.]site (note the missing letter in the domain name and the wrong TLD); the original website is obsproject.com.

If the victim attempts to download software, they will be prompted with this URL:

https://bitbucket[.]org/fightcillo/downloads-forus/downloads/Setup.zip

Avoid opening or downloading any files from these websites!
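The lookalike domain above differs from the official one by a single missing letter and a different TLD. The following check is an added example, not part of the original article: it compares a landing-page host against an allowlist and flags near matches. The allowlist contents, the two-edit threshold and all function names are assumptions made for illustration.

```python
# Added example: compare a landing-page host with an allowlist of official download sites.
# OFFICIAL_DOMAINS is an assumed allowlist; only obsproject.com is taken from the article.
OFFICIAL_DOMAINS = {"obsproject.com"}


def refang(host: str) -> str:
    """Normalise a hostname, accepting defanged forms such as name[.]tld."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")


def split_domain(host: str) -> tuple:
    """Return (name, tld) from the last two labels of the host.

    Simplification: multi-part suffixes (co.uk) would need a public suffix list.
    """
    parts = refang(host).split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, max_edits: int = 2) -> dict:
    """Label a host as official, lookalike or unrelated to the allowlist."""
    name, tld = split_domain(host)
    official_parts = {split_domain(d): d for d in OFFICIAL_DOMAINS}
    if (name, tld) in official_parts:  # exact match wins over any near match
        return {"verdict": "official", "matches": official_parts[(name, tld)]}
    for (off_name, off_tld), official in sorted(official_parts.items()):
        edits = edit_distance(name, off_name)
        if edits <= max_edits:
            return {"verdict": "lookalike", "matches": official,
                    "name_edits": edits, "tld_differs": tld != off_tld}
    return {"verdict": "unrelated", "matches": None}


if __name__ == "__main__":
    # Hosts from the article, kept defanged; refang() handles the brackets.
    for sample in ("obsproject.com", "obsproect[.]site", "bitbucket[.]org"):
        print(sample, classify(sample))
```

The download in this case is served from a legitimate file-hosting platform, so the check is useful on the landing page the ad leads to, not on the download URL itself.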

After submitting the file to the popular VirusTotal service, we can see multiple indicators that the file behaves maliciously.

Behavioral analysis showed that the file has the characteristics of a trojan, meaning that attackers can steal any information from an infected user, including cryptocurrency assets.

According to one Twitter user, his computer was infected with malware after he clicked a sponsored link in a Google search while trying to download the streaming software OBS.

Not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send phishing links to his substantial following.

In conclusion, malicious Google ads are a serious threat to the security of your computer. By taking steps to protect yourself, such as keeping your software up to date and using ad-blockers and anti-virus software, you can reduce the risk of being infected with malware from these ads. It is important to be vigilant and cautious when browsing the internet, as attackers are constantly finding new ways to distribute malware through ads.
