There's a hazardous trend unfolding globally within the hacker community: the exploitation of the Google Ads platform to disseminate malicious code.
(Thethaovanhoa.vn) - There's a perilous trend unfolding globally within the hacker community: the misuse of the Google Ads platform to disseminate malicious code.

The global hacker community is using the Google Ads platform to distribute malicious code to unsuspecting users with limited security knowledge who are searching for popular software products.
It is easy to name popular software products across various fields that hackers abuse to spread malicious code through Google Ads. Threat actors replicate the official websites of these software projects and serve trojanized versions of the software when users click the download button.
The Google Ads platform helps advertisers promote their websites on Google Search, placing them at high positions in the results list as advertisements, often above the official website of the product/project.
This means that if you search for legitimate software in a browser without an ad blocker, you will see ads related to that software first. There's a high chance of clicking on an advertised link because it closely resembles the actual search results.
If Google detects a malicious destination page being advertised, it will certainly be blocked, and the ad will be immediately removed. Therefore, threat actors need to employ a small trick to bypass Google's automated checks.
The trick is to lure victims into clicking on an ad that leads to an unrelated but seemingly benign website created by the threat actor. That site then redirects them to a malicious site impersonating a software project, which initiates the download of the malicious payload.

The malicious payload, in ZIP or MSI form, is downloaded from reputable code storage and sharing services like GitHub, Dropbox, or Discord CDN. This ensures that any antivirus programs running on the victim's system won't raise objections to the requested file download.
Because the malicious software is packaged alongside the legitimate software, users still get what they were looking for. At the same time, however, the malware silently installs on the system.
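The chain described above (ad click, benign landing page, then a ZIP or MSI pulled from GitHub, Dropbox, or Discord CDN) can be hunted for in web proxy logs. The following is an added example, not part of the original article: the log format, sample lines, and the 5-minute window are constructed assumptions, and it relies on the `gclid` parameter that Google Ads auto-tagging appends to ad landing URLs.

```python
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# File-hosting services named in the article (GitHub, Dropbox, Discord CDN).
HOSTING = ("github.com", "githubusercontent.com", "dropbox.com",
           "dropboxusercontent.com", "cdn.discordapp.com")
PAYLOAD_EXT = (".zip", ".msi")   # payload formats named in the article
WINDOW = timedelta(minutes=5)    # assumed correlation window

# Constructed proxy log lines: timestamp, client IP, requested URL.
SAMPLE_LOG = """\
2023-01-10T09:00:01 10.0.0.5 https://blog-landing.example/tips?gclid=CONSTRUCTED123
2023-01-10T09:00:03 10.0.0.5 https://editor-download.example/get
2023-01-10T09:00:09 10.0.0.5 https://cdn.discordapp.com/attachments/1/2/editor_setup.zip
2023-01-10T09:10:00 10.0.0.7 https://github.com/example/tool/releases/download/v1/tool.zip
2023-01-10T09:20:00 10.0.0.9 https://shop.example/?gclid=CONSTRUCTED456
2023-01-10T09:40:00 10.0.0.9 https://www.dropbox.com/s/abc/report.zip
"""

def is_hosted_payload(url):
    """True if the URL fetches a ZIP/MSI from one of the hosting services."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_host = any(host == h or host.endswith("." + h) for h in HOSTING)
    return on_host and parts.path.lower().endswith(PAYLOAD_EXT)

def find_ad_to_download(log_text, window=WINDOW):
    """Return (client, ad landing URL, payload URL) for each client that
    downloads a hosted payload within `window` of an ad click."""
    last_ad_click = {}  # client -> (time, landing URL)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url = line.split(maxsplit=2)
        when = datetime.fromisoformat(ts)
        if "gclid" in parse_qs(urlsplit(url).query):
            last_ad_click[client] = (when, url)
        elif is_hosted_payload(url) and client in last_ad_click:
            clicked, landing = last_ad_click[client]
            if when - clicked <= window:
                alerts.append((client, landing, url))
    return alerts

if __name__ == "__main__":
    for client, landing, payload in find_ad_to_download(SAMPLE_LOG):
        print(f"{client}: ad landing {landing} -> {payload}")
```

A hit is a lead for triage rather than a verdict, since legitimate advertisers also link to installers hosted on these services.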
A simple yet effective solution to block such malicious campaigns is to activate an ad blocker on your web browser. This ad blocker will filter out advertised results from Google Search, sparing you from encountering them.
Another preventive measure is to scroll down until you find the official domain of the software project you are searching for. If unsure, you can perform additional search queries. The official domain is listed on the Wikipedia page of the software.
If you regularly visit the website of a specific software project for updates, it's best to bookmark the URL and use that URL to directly access it when needed.
A common sign indicating that the installer you're about to download may contain malware is an unusual file size. This is also something you should pay attention to.