Cybercriminals have found a new way to distribute malware, and they are doing it by exploiting Google Search Ads. This sneaky tactic puts unsuspecting internet users at risk of cyber attacks, emphasizing the need for increased caution while browsing and clicking on ads.
The reason hackers are resorting to abusing Google Search Ads is because it allows them to quickly reach a wide audience. By disguising their malicious links as legitimate ads, they can trick users into clicking on them, leading to malware downloads or phishing attempts. Additionally, Google’s large user base provides cybercriminals with a broad target audience for their attacks.
Recently, cybersecurity researchers at Malwarebytes discovered that hackers are actively taking advantage of Google Search Ads to deploy a specific type of malware called “Bonanza.” This type of malware is often delivered through malvertising, which involves injecting or intentionally creating ads with malicious content.
In one instance, a compromised website unknowingly displayed an ad for Python developers that actually led to a hacked page offering the application for download. However, instead of downloading the legitimate application, users ended up installing over a dozen malware pieces. Another example involved a wedding planning website that was injected with malware, causing the site to change titles and add overlays promoting software serial keys.
One of the reasons hackers are able to use Google Search Ads for their malicious activities is through the use of Dynamic Search Ads (DSA). DSA automatically generates ads from the content of a website, making it convenient for advertisers. However, if a website’s content is altered without the owner’s knowledge, misleading ads can be created, resulting in unsuspecting users clicking on malicious links.
In the case mentioned earlier, a Google search for “pycharm” displayed an ad with a mismatch between its title (developer software) and description (wedding planning). This ad was created by Google Ads using the hacked page, making the website owner an unwitting victim who ended up paying for the malicious ad.
Clicking on the ad’s headline for PyCharm would redirect users to the compromised page with the download link. Running the installer would then flood the user’s computer with malware, rendering it useless. While inexperienced criminals may load software for commissions, this type of attack is not subtle and can cause significant damage to users’ devices.
Detecting these incidents can be tricky as compromised sites are often monetized in various ways, and the malicious ads can appear legitimate. This makes it even more crucial for internet users to exercise caution when encountering ads and to be aware of the potential risks associated with downloading cracked software or clicking on suspicious links.
To protect yourself from these types of vulnerabilities, researchers recommend staying cautious with ads, avoiding downloading cracked software, regularly checking landing pages linked to ads, securing Google Ads accounts with two-factor authentication, staying up-to-date with online advertising and cybersecurity developments, and configuring email alerts for unusual activity or policy violations in Google Ads accounts.
In conclusion, cybercriminals are exploiting Google Search Ads to deploy malware and target unsuspecting internet users. This underhanded technique highlights the importance of being vigilant when browsing the internet and clicking on ads. By following the recommendations provided by cybersecurity researchers, users can better protect themselves from falling victim to these malicious schemes.