Ouch, it stings! Google Ads promote trojanized versions of ChatGPT, Zoom, Cisco software


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Nobody likes ads, but it is one thing when they are just annoying, and quite another when they are downright dangerous. Such is the case with some Google search ads that trick users searching for popular applications into downloading malware.

It works like this: cybercriminals pay Google to run an ad in search so that their link appears at the top of search results. An unsuspecting user, believing that Google has vetted an advertiser before running an ad, clicks on the ad and is taken to a usually harmless site that has nothing to do with the software and then redirected to a clone of the company’s official website. From there, the user downloads a Trojan horse, believing it to be a legitimate product. This malware can then steal personal information, install other malware, including ransomware, or even take control of the computer.

These attacks do not take a rocket scientist to pull off and have become increasingly popular in recent times. One of the latest examples is a malware aptly named Bumblebee. According to researchers at SecureWorks, the malware loader, which used to be distributed primarily through phishing links, is now being spread through Google ads and search engine optimization (SEO) poisoning. SEO poisoning involves a cybercriminal stuffing a malicious website with keywords, fake backlinks, and content that cause the rogue site to rank higher in search results than a legitimate site. While SEO poisoning and Google Ads abuse are complementary, our focus in this article will be specifically on Google Ads.
How to protect yourself

Since the use of antivirus software on its own is not enough to protect you from these attacks, we need to use other methods as well. The FBI, which has also noticed an increase in malware attacks using search ads, recently shared some tips on how to avoid becoming a victim. The FBI suggests that users should be more careful about what they download, i.e. check the URL before clicking on an ad, and better yet — skip Google and type the site’s URL directly into the browser.

These are, no doubt, working tips, but they may not work when you’re in a rush or not paying attention. Besides, malvertisers can trick you by hiding the real URL of the site with a technique known as ad cloaking.

Another way to stay safe, according to the FBI, is to use an ad blocker.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.