Google is facing a significant security issue with its advertising platform. Malicious actors are creating fake advertisements for Google Authenticator, which actually disseminate the DeerStealer malware capable of stealing users' sensitive information.
This malicious ad campaign, uncovered by Malwarebytes, is particularly dangerous as it exploits users' trust in the Google brand. Attackers craft advertisements that appear during searches for Google Authenticator and include the official google.com domain as the URL for users to click on.
To create convincing ads, hackers employ URL masking techniques and generate thousands of accounts simultaneously. They use text manipulations and spoofing methods, displaying various websites to verification systems and unsuspecting users.
In response to an inquiry from BleepingComputer, Google reported that it has already blocked the fraudulent advertiser flagged by Malwarebytes. Google also notes that it is enhancing its automated systems and increasing the number of human reviewers to identify and eliminate such malicious campaigns.
When users click on the fake ads, they are redirected to sites mimicking the official Google portal. Some of these domains include chromeweb-authenticators.com, authenticcator-descktop.com, and others. On these websites, users are prompted to download what is supposedly Google Authenticator, but in reality, they receive malware.
The downloaded file possesses a digital signature, lending it false credibility and helping it bypass Windows security systems. Upon execution, it activates DeerStealer — a malware program that steals passwords, cookies, and other sensitive information from users' web browsers.
Cybersecurity experts advise users to exercise caution when downloading programs. It is wise to avoid clicking on ad links in Google, use ad blockers, and verify website URLs before downloading files. They also recommend scanning all downloaded files with antivirus software before opening them.
Source: Bleepingcomputer
Comments (0)
There are no comments for now