A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads.
The Arc browser is a new web browser featuring an innovative user interface design that sets it apart from traditional browsers.
Launched in July 2023 for macOS and after receiving glowing reviews from tech publications and users, its recent launch on Windows was highly anticipated.
According to a
report by Malwarebytes, cybercriminals prepared for the product launch, setting up malicious advertisements on Google Search to lure users looking to download the new web browser.
Google's ad platform has a significant problem that allows threat actors to take out ads displaying legitimate URLs, which has been abused to target
Amazon,
Whales Market,
WebEx, and Google's own video platform,
YouTube.
Malwarebytes found promoted results for the search terms "arc installer" and "arc browser windows" displaying the correct URL for Arc.
However, after clicking the advertisement, searchers are redirected to typo-squatted domains that visually resemble the genuine website.
If the "Download" button is clicked, a trojanized installer file is retrieved from the MEGA hosting platform, which downloads an additional malicious payload named 'bootstrap.exe' from an external resource.
