1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google AdWords is being hijacked by scammers

    From TechnologyDaily@1337:1/100 to All on Thu Dec 29 16:30:03 2022
    Google AdWords is being hijacked by scammers

    Date:
    Thu, 29 Dec 2022 16:16:57 +0000

    Description:
    Seemingly benign campaigns promoting popular programs are actually delivering malware.

    FULL STORY ======================================================================

    Scammers are abusing Google Adwords, the search engine giants advertising platform, to spread malware to people looking for legitimate and popular software.

    Googles safety measures are usually robust, but experts found that they managed to employ a workaround.

    The campaign is simple - the crooks would clone popular software such as Grammarly, MSI Afterburner, Slack, or others, and infect them with an infostealer. In this case, the attackers were adding Raccoon Stealer, and IceID malware loader. Then, they would create a landing page where the
    victims would be sent to download the malicious programs. These pages were designed to look seemingly identical to the legitimate ones. Tricking Google

    Then, they would create an ad and place it on Google Adwords. That way, whenever someone searches for either these programs or other relevant keywords, theyd see the ads in various places (including the top positions on the Google search engine results page).

    The trick is that Googles algorithm is relatively good at spotting malicious landing pages hosting dangerous software. To bypass the security measures,
    the attackers would also create a benign landing page to which the ad would send the visitors.

    That landing page would then immediately redirect the victims to the
    malicious one. Read more

    This huge typosquatting campaign is being used to run tech support scams


    Domain parking used to spread Emotet and impersonate McAfee


    Check out the best firewalls right now

    Cyberattack campaigns that leverage legitimate software to distribute malware are nothing new, but researchers have mostly been in the dark when it comes
    to methods to actually get people to the landing pages. In late October, researchers discovered a major campaign with more than 200 fraudulent
    domains, but up until today, no one knew how the domains were advertised.

    Now that the plot has been discovered, Google can be expected to swiftly terminate the campaign (if it hadnt done that already).

    Besides the abovementioned apps, the crooks were also impersonating these programs: Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk,
    Libre Office, Teamviewer, Thunderbird, and Brave. These are the best endpoint protection services right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-adwords-is-being-hijacked-by-scammers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)