FBI warns of search engine ads pushing malware, phishing

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
Content source
https://www.bleepingcomputer.com/news/security/fbi-warns-of-search-engine-ads-pushing-malware-phishing/
The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.

In today's public service announcement, the federal law enforcement agency said threat actors purchase advertisements that impersonate legitimate businesses or services. These ads appear at the top of search result pages and link to sites that look identical to the impersonated company's website.

"When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result," warns the FBI.

"These advertisements link to a webpage that looks identical to the impersonated business's official webpage."

When searching for software, the FBI says advertisements will link to websites with a download link to software named after the impersonated application.

The FBI advisory also warns about ads promoting phishing sites that imitate finance platforms and, more specifically, cryptocurrency exchange platforms that invite visitors to enter their account credentials.

Once credentials are entered on these phishing sites, they are stolen by threat actors who use them to steal funds or sell them to other threat actors.

BleepingComputer recently helped reveal a massive typosquatting campaign using over 200 websites impersonating software projects, cryptocurrency exchanges, and wallet platforms to push Windows and Android malware.

Earlier in the year, a site impersonating the GIMP image editor used malvertising to drop the Vidar info stealer on its unsuspecting visitors.

In another case from March 2022, operators of the Mars stealer abused Google Ads to promote a malicious Open Office lookalike site to distribute their malware.

More recently, the SANS ISC disclosed an AnyDesk malvertising campaign on Google Search that dropped IcedID malware instead of the popular remote desktop app.
Click to expand...
How to protect yourself

The most crucial precaution when looking for something online is not to click on the first thing that appears on the search results without checking its URL.

As the first few results on a given search term are usually promoted ads, it is safer to skip them and scroll down until you see the project's official website search result and use that instead.

"While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link," warns the FBI.

Furthermore, even checking the link may only sometimes help, as threat actors can create advertisements to display a legitimate URL but redirect users to cloned sites under the attacker's control.

Another recommendation is to use ad-blockers, which filter out promoted results on Google Search.

If you visit a website frequently, it would be better to bookmark its URL and use that to access it instead of searching for it every time.
Click to expand...
www.bleepingcomputer.com

FBI warns of search engine ads pushing malware, phishing

The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Morro, Andy Ful, Oldie1950 and 7 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware​

After closely tracking the activities of the IcedID botnet, we have discovered some significant changes in its distribution methods. Since December 2022, we observed the abuse of Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. This IcedID variant is detected by Trend Micro as TrojanSpy.Win64.ICEDID.SMYXCLGZ.

Advertising platforms like Google Ads enable businesses to display advertisements to target audiences for the purpose of boosting traffic and increasing sales. Malware distributors abuse the same functionality in a technique known as malvertising, wherein chosen keywords are hijacked to display malicious ads that lure unsuspecting search engine users to downloading malware.

In our investigation, malicious actors used malvertising to distribute the IcedID malware via cloned webpages of legitimate organizations and well-known applications. Recently, the Federal Bureau of Investigation (FBI) published a warning pertaining to how cybercriminals abuse search engine advertisement services to imitate legitimate brands and direct users to malicious sites for financial gain.
Click to expand...
www.trendmicro.com

IcedID Botnet Distributors Abuse Google PPC to Distribute Malware

We analyze the latest changes in IcedID botnet from a campaign that abuses Google pay per click (PPC) ads to distribute IcedID via malvertising attacks.
www.trendmicro.com www.trendmicro.com
 
  • Like
  • +Reputation
Reactions: Andy Ful, Gandalf_The_Grey, upnorth and 2 others
You must log in or register to reply here.

Similar threads

nicolaasjan
    • Like
Malicious Notepad++ Google ads evade detection for months
Replies
0
Views
831
News Archive
nicolaasjan
nicolaasjan
CyberTech
    • +Reputation
    • Like
New LOBSHOT malware gives hackers hidden VNC access to Windows devices
Replies
1
Views
1,260
News Archive
Andy Ful
Andy Ful
silversurfer
    • Like
    • +Reputation
    • Thanks
New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
Replies
1
Views
663
News Archive
Zero Knowledge
Z

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top