FBI warns of malicious ads on Google that contain malware and steal data


The FBI has warned that threat actors use search engine ads to promote websites that distribute ransomware or to steal credentials from financial institutions and cryptocurrency exchanges.

In a report released Wednesday, federal law enforcement said threat actors buy ads impersonating legitimate businesses or services. These ads appear at the top of search results pages and link to websites that look like the real website of the business being impersonated.

According to the FBI report, "When a user searches for a business or service, these ads appear above the search results, with little difference between the ads and the actual search results on the same page."

When a user searches for software, the ad links to a website offering a download named after the app being impersonated.

The FBI report also warns of ads promoting phishing sites impersonating financial platforms, particularly cryptocurrency exchanges, that ask visitors to enter their account credentials.

Once credentials are entered on these phishing sites, attackers use them to steal money or resell them to other threat actors.

BleepingComputer recently helped uncover a massive typosquatting campaign that used more than 200 websites posing as software projects, cryptocurrency exchanges, and digital wallet platforms to spread malware targeting Microsoft's Windows and the Android operating system.

Earlier this year, a website posing as the photo-editing software GIMP used malicious ads to install the information-stealing malware Vidar on victims' computers. Although these ads appeared to promote the original gimp.org website, they redirected users to other websites that served malware.

In another case, in March 2022, operators of Mars Stealer misused Google ads to promote malicious websites posing as OpenOffice to distribute their malware.

Recently, SANS ISC exposed a malicious ad campaign on Google targeting the remote desktop application AnyDesk, which delivered IcedID instead of AnyDesk.

To avoid becoming a victim of such activities, when searching for content online, users are advised not to click on the first piece of content that appears in search results without checking its URL.

Since the first results at the top of a search results page are usually advertisements, you can ignore them and scroll down until you see the project's official website among the regular search results, which are generally not advertisements.

The FBI warns, "Although search engine advertising is not inherently malicious, caution should be exercised when visiting websites through sponsored links."

Also, checking the link helps only some of the time, as attackers can create ads that display legitimate URLs while redirecting users to cloned websites under the attacker's control.

Users are also advised to use an ad blocker to filter ads out of Google search results. If users visit a particular website frequently, it is better to bookmark it in the browser than to search for it each time.
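As an added illustration (not from the FBI report or the original article), the Python sketch below applies the URL check and its caveat to ad click records, for example from a proxy log: it judges an ad by the host it lands on rather than the host it displays, and flags near-miss spellings of an official host. The allowlist contents, function names and sample URLs are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumed allowlist: gimp.org is named in the article; add the vendors you rely on.
OFFICIAL_HOSTS = {"gimp.org"}

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; accepts scheme-less ad text."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat 'gimp.org/x' as host + path
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_official(host):
    """True for an allowlisted host or one of its subdomains."""
    return any(host == o or host.endswith("." + o) for o in OFFICIAL_HOSTS)

def assess_ad(display_url, landing_url, max_distance=2):
    """Return (verdict, reason), judged by where the ad actually lands."""
    shown, landed = host_of(display_url), host_of(landing_url)
    if not landed:
        return "block", "landing URL has no hostname"
    if is_official(landed):
        return "allow", f"lands on official host {landed}"
    if is_official(shown):
        # The caveat above: a legitimate displayed URL, a different destination.
        return "block", f"ad displays {shown} but lands on {landed}"
    for official in OFFICIAL_HOSTS:
        if edit_distance(landed, official) <= max_distance:
            return "block", f"{landed} is a lookalike of {official}"
    return "review", f"{landed} is not on the allowlist"
```

The landing URL should be the final destination after redirects, as recorded by the proxy or browser, since the displayed URL alone cannot be trusted.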


