Hackers are increasingly leveraging Google Ads to impersonate Google and deceive users into downloading malicious software disguised as the legitimate Google Authenticator app. According to a recent report from Malwarebytes Labs, these fraudulent ads appear on Google search results and even display verified advertiser credentials, which adds a layer of false legitimacy to the scheme. The scammers have created convincing ads that show the official Google website and a proper description, but when users click on these ads, they are redirected through multiple intermediary domains controlled by the attackers. Ultimately, this leads them to a fake site where they are prompted to download an executable file purportedly for the Google Authenticator app.
The malicious file, hosted on GitHub, is signed by a company with no connection to Google, and once installed, it deploys DeerStealer malware on the victim’s computer. This malware is designed to exfiltrate personal data, compromising sensitive information. The attackers have cleverly used GitHub, a trusted platform for code sharing, to host the malware, making it more challenging for conventional security measures to block the malicious file. The repository, created under the username “authe-gogle,” contained the file in question, illustrating the attackers’ use of legitimate platforms to disguise their malicious activities.
Google’s verification process for advertisers has been exploited by these threat actors to enhance the credibility of their ads. The appearance of these ads as verified by Google misleads users into believing they are downloading software from a trustworthy source. This deceptive practice highlights the risks associated with downloading software through search engine ads. Users are advised to exercise caution and avoid downloading software via ads, instead opting to visit official websites or repositories to ensure they are obtaining legitimate applications.
This incident underscores a growing problem of brand impersonation and ad-based scams on Google Ads. With similar issues reported on other platforms like Facebook, it is clear that malicious actors are continuously adapting their tactics to exploit trusted platforms and deceive users. To protect themselves, users should be vigilant about verifying the authenticity of software sources and remain cautious of downloading files from unfamiliar or unverified sources.
Reference:
