Yes, scammers have hijacked Adwords. Google Adwords, the company’s advertising platform, is being abused by scammers. It is being used to deliver malware to users looking for well-known applications.
Although Google's security procedures are typically strong, experts discovered that the scammers were able to use a workaround.
The plan is straightforward. The criminals would copy well-known programs like Grammarly, MSI Afterburner, Slack, and others, infect them with an info stealer, and then launch their campaign. In this instance, the attackers were loading malware such as IcedID and Raccoon Stealer. They would then develop a landing page to which the victims would be directed in order to download the malicious software. These pages were designed to look nearly identical to the authentic ones.
Scammers have hijacked Adwords: misleading Google
They would then build an advertisement and post it on Google Adwords. As a result, the ad would appear in multiple locations whenever someone searched for either these applications or other relevant terms.
The trick lies in the fact that Google's algorithm is fairly adept at identifying bad landing pages that host harmful software. To get around these security safeguards, the attackers would also develop a benign landing page, and the ad would send users there.
The victims would then be automatically forwarded to the malicious page from that landing page.
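For defenders, the ad-to-benign-page-to-lookalike forward described above can be checked in web proxy data. The following is an added example, not from the original article: it assumes each ad click's redirect chain has already been reconstructed as an ordered URL list, and the `OFFICIAL` map, the function names and the `.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand keyword -> official domain, maintained by the defender.
OFFICIAL = {"grammarly": "grammarly.com", "slack": "slack.com", "anydesk": "anydesk.com"}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_official(h, domain):
    # Exact match or a true subdomain; "slack.com.evil.example" does not pass.
    return h == domain or h.endswith("." + domain)

def impersonated_brand(h):
    """Return the brand a host name imitates, or None if official or unrelated."""
    squashed = h.replace("-", "")  # catches hyphen-split names such as "gramm-arly"
    for brand, domain in OFFICIAL.items():
        if brand in squashed and not is_official(h, domain):
            return brand
    return None

def review_chain(chain):
    """chain: ordered URLs the browser visited after a single ad click."""
    hosts = [host(u) for u in chain]
    landing, final = hosts[0], hosts[-1]
    brand = impersonated_brand(final)
    if brand and final != landing:
        # Ad pointed at one host, user ended up on a brand lookalike elsewhere.
        return ("cloaked-lookalike", brand, landing, final)
    if brand:
        return ("lookalike", brand, landing, final)
    return ("ok", None, landing, final)

# Constructed sample chains (not real traffic).
SAMPLE_CHAINS = [
    ["https://writing-tips.example/blog", "https://grammarly-download.example/setup"],
    ["https://www.slack.com/downloads"],
    ["https://anydesk.com/", "https://download.anydesk.com/"],
]

if __name__ == "__main__":
    for chain in SAMPLE_CHAINS:
        print(review_chain(chain))
```

Substring matching on brand names will also hit unrelated hosts that happen to contain a keyword, so treat a verdict as a triage signal rather than a block decision.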
Cyberattack tactics that use trustworthy software to disseminate malware are nothing new. But when it comes to strategies for driving traffic to the landing pages, researchers have mostly been in the dark. Researchers found a significant effort involving more than 200 bogus domains in late October, but nobody knew how the domains were promoted until today.
Google should promptly end the campaign (if it hasn’t already) now that the plan has been uncovered.
The thieves were also mimicking the following applications in addition to the ones already mentioned: Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and Brave.