Fake Google Authenticator Ads Spread DeerStealer Malware, Compromise User Data

Google is now facing threats from the very ad system it created.

Recent reports reveal that threat actors are creating fake Google Authenticator ads to distribute DeerStealer, malware used for data theft.

Threat actors have run many prominent campaigns on Google Search before. Now they are targeting the Authenticator app, impersonating well-known software to spread malware to users' devices.

Moreover, threat actors are placing ads on search results that display real domains, making it difficult to distinguish between genuine and fake ads.

Malwarebytes recently highlighted this latest malware campaign, showing how threat actors produced ads to compromise end users. The deception is amplified because google.com is displayed when clicking on the URL, which shouldn't be possible when third parties create the ad.

These URLs are highly effective at cloaking, as seen in previous ad campaigns for KeePass, Arc browser, Amazon, and YouTube, and Google struggles to detect these imposter ads.

Experts point out that Google's verification of advertiser IDs reveals another vulnerability exploited by threat actors. Google has responded by actively blocking fake ads when reported.

When questioned about the issue, Google explained that threat actors evade detection by creating numerous fake accounts and manipulating text to show reviews from other sites. However, the company is scaling up automated systems and reviewers to combat malware campaigns, removing 3.4 billion ads and suspending 5.6 million advertiser accounts in 2023 alone.

To protect yourself, avoid clicking on fake Google Authenticator ads. These often lead to pages impersonating the real Google portal. Clicking the 'download authenticator' button on these fake pages triggers the download of an executable file, Authenticator.exe, which installs DeerStealer malware.

To stay safe, do not click on suspicious ads, use ad blockers, and bookmark official URLs for software. Verify the URL of downloaded files and scan them with updated antivirus tools before executing them.
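The "verify the URL of downloaded files" step can be checked mechanically on Windows, where browsers record a download's origin in the file's Zone.Identifier stream. The sketch below is an added example, not code from Malwarebytes or Google; the trusted-domain list, the helper names and the sample stream contents are assumptions constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Assumption: your own allowlist of vendor domains you accept downloads from.
TRUSTED_DOMAINS = {"google.com"}

# Constructed sample of a Zone.Identifier stream for a downloaded Authenticator.exe.
# On Windows the real text can be read with open(path + ":Zone.Identifier").
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://authenticator-download.example.net/
HostUrl=https://files.example.net/Authenticator.exe
"""

def parse_zone_identifier(text):
    """Return the [ZoneTransfer] fields of a Zone.Identifier stream as a dict."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.optionxform = str                                # keep key case (HostUrl)
    cp.read_string(text)
    return dict(cp["ZoneTransfer"]) if cp.has_section("ZoneTransfer") else {}

def host_is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only for https URLs whose host is a trusted domain or its subdomain."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "https://google.com@evil.test/" fails.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False
    # Exact or dot-boundary match: "google.com.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)

def assess_download(zone_text, trusted=TRUSTED_DOMAINS):
    """Classify a download by the HostUrl recorded when it was saved."""
    host_url = parse_zone_identifier(zone_text).get("HostUrl", "")
    if not host_url:
        return "unknown-origin"
    return "trusted-origin" if host_is_trusted(host_url, trusted) else "untrusted-origin"

if __name__ == "__main__":
    print(assess_download(SAMPLE_STREAM))
```

A "trusted-origin" result only says where the file came from; it still needs the antivirus scan described above before it is run.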

