Fake Google ads used to lure victims to malware-rigged Signal, Telegram websites
Drive-by-download campaigns are poisoning Google’s search results, warn experts
Cybercriminals are using malicious Google Ads and web pages to lure unsuspecting users into downloading and executing information-stealing malware.
Cybersecurity experts at eSentire have shared details about this new campaign that places Google Ads to take users to a fraudulently replicated download page for secure chat applications, such as Signal.
Instead of the installer for the legitimate app, the download link on the fake page pushes AutoIT scripts, which then deploy the Redline Stealer, one of the most popular pieces of information-stealing malware.
“They [threat actors] are spending money to purchase Google ads (although they could be using stolen credit cards to purchase the ad space), and they have spent time creating believable ads and almost exact replicas of the download pages for some of the most popular secure chat applications,” said Spence Hutchinson, Manager of Threat Intelligence for eSentire.
Drive-by-Download campaigns
The company also suggests that stolen information is either sold on the dark web or directly used in further intrusions and fraud campaigns.
During its breakdown of the campaign, eSentire notes that not only have these drive-by-download campaigns become the most popular threat vector, they are also increasingly poisoning Google’s search results.
In addition to the current campaign, eSentire also shares details about previous campaigns that lure users with fake Google ads for business productivity tools such as remote desktop software like AnyDesk, file hosting services like Dropbox, and the Telegram messenger.
“Corporate internal security teams and external security teams need to make sure employees are very aware of the different tactics threat actors are using to lure them to malicious web pages, malicious ads and malicious documents,” warns eSentire in its advisory against the new campaign.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.