New Delhi, December 29 : Hackers have increased their abuse of the Google Ads platform to target users searching for popular software products. Among the software products being impersonated include Grammarly, Slack, Dashlane, Audacity, ITorrent, AnyDesk, Libre Office, Teamviewer, Thunderbird, and more, reports Bleeping Computer.
"The threat actors clone official websites of the above projects and distribute trojanised versions of the software when users click the download button," the report mentioned. The Google Ads platform helps advertisers promote pages on Google Search. Drone Delivery: Amazon Starts Delivering Orders by Drones in US States, Aims To Fly Out Packages to Customers Within 60 Minutes.
Users looking for original software products on a browser without an active ad blocker are likely to click on malicious links "because it looks very similar to the actual search result".
"The moment those 'disguised' sites are being visited by targeted visitors, the server immediately redirects them to the rogue site and from there to the malicious payload," explained Guardio Labs. Those rogue sites are practically invisible to visitors. India Aspires To Be $5 Trillion Digital Economy, Tech and Data Protection Guardrails 2023 Awaited.
If Google detects that the landing site is malicious, the campaign is blocked and the ads are removed. The malware payload, which comes in ZIP or MSI form, is downloaded from reputable file-sharing and code-hosting services such as GitHub, Dropbox, or Discord's CDN.
"This ensures that any anti-virus programmes running on the victim's machine won't object to the download," the report mentioned. Guardio Labs recently observed a campaign where the threat actor lured users with a trojanised version of Grammarly. The malware was bundled with the legitimate software.
(The above story first appeared on LatestLY on Dec 29, 2022 11:47 AM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).