Scammers are abusing Google Adwords, the search engine big’s promoting platform, to unfold malware to individuals on the lookout for authentic and fashionable software program.

Google’s security measures are often strong, however consultants discovered that they managed to make use of a workaround.

The marketing campaign is straightforward – the crooks would clone fashionable software program similar to Grammarly, MSI Afterburner, Slack, or others, and infect them with an infostealer. On this case, the attackers had been including Raccoon Stealer, and IceID malware loader. Then, they’d create a touchdown web page the place the victims can be despatched to obtain the malicious applications. These pages had been designed to look seemingly similar to the authentic ones.

Tricking Google

Then, they’d create an advert and place it on Google Adwords. That method, every time somebody searches for both these applications or different related key phrases, they’d see the advertisements in numerous locations (together with the highest positions on the Google search engine outcomes web page). 

The trick is that Google’s algorithm is comparatively good at recognizing malicious touchdown pages internet hosting harmful software program. To bypass the safety measures, the attackers would additionally create a benign touchdown web page to which the advert would ship the guests. 

That touchdown web page would then instantly redirect the victims to the malicious one. 

Cyberattack campaigns that leverage authentic software program to distribute malware are nothing new, however researchers have largely been at midnight on the subject of strategies to truly get individuals to the touchdown pages. In late October, researchers found a significant marketing campaign with greater than 200 fraudulent domains, however up till in the present day, nobody knew how the domains had been marketed.

Now that the plot has been found, Google could be anticipated to swiftly terminate the marketing campaign (if it hadn’t finished that already).

In addition to the abovementioned apps, the crooks had been additionally impersonating (opens in new tab) these applications: Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Workplace, Teamviewer, Thunderbird, and Courageous.

• These are the perfect endpoint safety (opens in new tab) providers proper now

By way of: BleepingComputer (opens in new tab)