This fake Google Alert wants to trick you into thinking Flash is still a thing

Novel approach tricks Google Alerts into promoting unwanted apps

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals have reportedly managed to trick anotherGoogleservice into deliveringmalicious appsto unsuspecting users.

Their latest target is the Google Alerts service, which researchers have found has  been abused to push fake updates of the now-discontinuedAdobe FlashPlayer.

The latest campaign adds to the growing list of Google services that have been repeatedlyabused in novel waysby threat actors for malicious purposes.

Fake alert

Fake alert

In this latest instance, unscrupulous elements first create fake stories with titles that contain popular keywords in order to get the attention of the search engine’s bots.

Once these fake stories have been indexed, the Google Alerts service will push them to the inbox of folks who’ve set up alerts to track those keywords.

Trusting them to be legitimate, since they are recommended by a Google service, when clicked the fake stories then redirect to a malicious site, which promotes all kinds of potentially unwanted programs (PUPs).

BleepingComputerrecently observed one such campaign that used the fake Google Alert story to instead push a notification that suggests users to install an app to purportedly update their out-of-date Flash player. Not surprisingly, the app then promotes various PUPs.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This is just one of the recent examples of tricksters exploiting the trust of Google services for malicious purposes. In the past, threat actors have abused Google Forms and Google Sheets for malware command-and-control communications. Security researchers recently discovered a web skimming operation that leveraged the reputation of Google’s Apps Script domain.

Via:BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace