Last Update: December 29, 2022, 13:09 IST
The Google Advertising Platform helps advertisers promote pages on Google Search. (Image: Reuters)
Hackers have increasingly misused the Google advertising platform to target users of popular search software, including Grammarly, Slack, Dashlane, Audacity, iTorrent, Anydesk, and more.
Hackers have increasingly abused the Google advertising platform to target users searching for popular software products.
As Bleeping Computer reports, software products being imitated include Grammarly, Slack, Dashlane, Audacity, iTorrent, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and more.
The report noted, “Threat actors clone the official websites of the above projects and distribute Trojan versions of the software when users click on the download button.”
The Google Advertising Platform helps advertisers promote pages on Google Search.
Users looking for genuine software products on a browser without an active ad blocker are likely to click on the malicious link “because it looks so similar to a real search result”.
Guardio Labs explained, “The moment those ‘disguised’ sites are being viewed by targeted visitors, the server immediately redirects them to the rogue site and from there to the malicious payload.”
Those rogue sites are practically invisible to visitors.
If Google detects that the landing site is malicious, the campaign is blocked and the ads are removed.
The malware payload, which comes in ZIP or MSI form, is downloaded from CDNs of reputable file-sharing and code-hosting services such as GitHub, Dropbox, or Discord.
“This ensures that any anti-virus program running on the victim’s machine will not object to the download,” the report said.
Guardio Labs recently noticed a campaign where a threat actor lured users with a Trojan version of Grammarly. The malware was bundled with legitimate software.
read all Latest Tech News Here
(This story has not been edited by News18 staff and is published from a syndicated news agency feed)