- Apr 24, 2016
Nobody likes ads, but it is one thing when they are just annoying, and quite another when they are downright dangerous. Such is the case with some Google search ads that trick users searching for popular applications into downloading malware.
It works like this: cybercriminals pay Google to run an ad in search so that their link appears at the top of search results. An unsuspecting user, believing that Google has vetted an advertiser before running an ad, clicks on the ad and is taken to a usually harmless site that has nothing to do with the software and then redirected to a clone of the company’s official website. From there, the user downloads a Trojan horse, believing it to be a legitimate product. This malware can then steal personal information, install other malware, including ransomware, or even take control of the computer.
These attacks do not take a rocket scientist to pull off and have become increasingly popular in recent times. One of the latest examples is a malware aptly named Bumblebee. According to researchers at SecureWorks, the malware loader, which used to be distributed primarily through phishing links, is now being spread through Google ads and search engine optimization (SEO) poisoning. SEO poisoning involves a cybercriminal stuffing a malicious website with keywords, fake backlinks, and content that cause the rogue site to rank higher in search results than a legitimate site. While SEO poisoning and Google Ads abuse are complementary, our focus in this article will be specifically on Google Ads.
How to protect yourself
Since the use of antivirus software on its own is not enough to protect you from these attacks, we need to use other methods as well. The FBI, which has also noticed an increase in malware attacks using search ads, recently shared some tips on how to avoid becoming a victim. The FBI suggests that users should be more careful about what they download, i.e. check the URL before clicking on an ad, and better yet — skip Google and type the site’s URL directly into the browser.
These are, no doubt, working tips, but they may not work when you’re in a rush or not paying attention. Besides, malvertisers can trick you by hiding the real URL of the site with a technique known as ad cloaking.
Another way to stay safe, according to the FBI, is to use an ad blocker.
Cybercriminals are increasingly using Google ads to deliver malware. The bait can be anything — ChatGPT, Zoom, Cisco — the list goes on. To learn how to spot a rogue ad and protect yourself, read our article.