Security researchers have discovered an attack that uses Google ads, which appear at the top of search results, to spread a Trojan horse that allows attackers to take control of victims' computers and steal their sensitive information.
According to researchers from ESET Security Solutions, the attack mainly targeted Google users in East Asian countries. The attackers used paid Google ads to distribute promotional links for popular apps such as the Chrome and Firefox browsers, as well as messaging apps including Telegram, WhatsApp, Line, Skype, Place and more. By clicking on the link, the user is redirected to a fake website with a design and domain name very similar to the original. The fake website provides a link to download the app, which, when clicked, downloads and runs malware on the victim's device.
In some cases, these sites offer installers that install the original version of the application and install the malware alongside it, so as not to arouse users' suspicions.
Once the malware is installed, the attacker can take complete control of the user's computer, including accessing the command line, executing files, retrieving information from a web browser, and viewing a log of everything the victim types or searches for.
The attackers mainly relied on a Trojan known as FatalRAT, which can access data from Chrome and Microsoft browsers, as well as other popular browsers in East Asia. The software can also change the screen resolution of a user's device and wipe data from their device.
Launching an attack through paid Google ads is an innovative strategy for convincing victims to click on a link, because users trust the content provided by the popular search engine.
The company said Google had removed the ad but urged users to check the URL before clicking on it and make sure the typed address matches the real name of the site to avoid falling victim to a similar attack.
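The URL check recommended above can be automated. The following is an added example, not code from ESET or from the original article: it compares the host of a link against an allowlist of official domains and flags near-miss spellings. The allowlist contents, the function names, the distance thresholds and the sample URLs are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: official domains for some of the apps the article names.
OFFICIAL = {"google.com", "mozilla.org", "telegram.org",
            "whatsapp.com", "line.me", "skype.com"}

def hostname(url):
    # Lower-cased host of a URL, tolerating a missing scheme.
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return ('official' | 'lookalike' | 'unknown', matched official domain or None)."""
    host = hostname(url)
    # Naive registered domain: last two labels (no public-suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in OFFICIAL:
        return "official", domain
    name = domain.split(".")[0]
    for good in sorted(OFFICIAL):
        brand = good.split(".")[0]
        # Official domain used as a subdomain prefix of another site.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike", good
        # Short brands get a tighter threshold to limit false positives.
        limit = 1 if len(brand) <= 5 else 2
        if edit_distance(name, brand) <= limit or (len(brand) > 5 and brand in name):
            return "lookalike", good
    return "unknown", None

# Constructed sample URLs (fakes use the reserved .example TLD).
SAMPLES = [
    "https://www.mozilla.org/firefox/",
    "https://telegrarn.example/download",
    "https://telegram.org.get-app.example/setup",
    "https://whatsapp-download.example/",
]

if __name__ == "__main__":
    print(*[(classify(u), u) for u in SAMPLES], sep="\n")
```

An "unknown" result only means the host resembles nothing on the allowlist; it does not mean the site is safe.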