Hackers Abuse Google Ads to Spread Malicious Programs to Users Searching for Legitimate Software

Malware operators are increasingly abusing Google Ads to distribute malicious programs to users searching for legitimate software. The impersonated products include Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and Brave. Hackers create clones of the official websites of these projects, but replace the software offered for download with malicious programs. Malware distributed via this method includes variants of Raccoon Stealer, customized versions of Vidar Stealer, and the IcedID malware loader. When an advertiser posts an ad through Google Ads, Google removes the ad if it detects that the target website is malicious. The malware operators bypass this detection with a simple method: the ad first takes users who click it to a website that is free of malware, and that site then redirects them to the clone site.

This article is reposted from: https://www.solidot.org/story?sid=73770