As the internet has advanced, a lot of problems have also arisen in the virtual world. Google is one of the most used search engines, and hackers have been extensively using the Google Ads platform to target users. Advertisers promote their pages on Google Search using the Google Ads platform. Cyber attacks are on the increase, and it is highly important for users to use online platforms with utmost caution.
According to reports by Bleeping Computer, software products including Grammarly, Dashlane, AnyDesk, Slack, Thunderbird, ITorrent, Audacity, LibreOffice, TeamViewer and many more are being impersonated by miscreants. The report mentioned that, “The threat actors clone official websites of the above projects and distribute trojanised versions of the software when users click the download button.”
Users who search for the original software products in a browser that does not have an active ad blocker are most likely to click on the malicious links, as they look very similar to the actual search results and are therefore hard to distinguish. The rogue sites are nearly invisible to the visitors.
Guardio Labs observed a campaign in which the threat actor led users to use a trojanised version of Grammarly that had malware attached to it. Guardio Labs explained, “The moment those ‘disguised’ sites are being visited by targeted visitors, the server immediately redirects them to the rogue site and from there to the malicious payload.” The report also mentioned that, “This ensures that any anti-virus programmes running on the victim’s machine won’t object to the download.”
However, if Google detects that the landing site is malicious, the ads are removed and the campaign is blocked. The malware payload usually comes in MSI or ZIP form. It is downloaded from GitHub, Discord’s CDN or Dropbox, which are reputable file-sharing and code-hosting services.