Many IT security experts, as well as the State Criminal Police Office, are currently warning about Google Ads. Ads that appear to link to download sites for well-known software tools lead to cloned sites that infect your system with malware. Affected tools include LibreOffice, GIMP, VLC and OBS.

Malware instead of image editing program through Google Ads

The links look legitimate at first, but they are not. The Central Contact Point for Cybercrime (ZAC) of the LKA Lower Saxony uses the free image editing software GIMP as an example of how this is done: instead of going to the real GIMP page (https://www.gimp.org), the ad leads to a URL that appears to read exactly the same. In reality, Cyrillic numbers were used instead of Latin letters.
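A defender can make this kind of lookalike hostname visible before anyone downloads from it. The following Python sketch is an added example, not taken from ZAC or the other sources. Because the article does not give the fake URL, the test host (Cyrillic U+0456 in place of "i") is constructed, and the confusables map and verdict names are assumptions of this example.

```python
import unicodedata
from urllib.parse import urlsplit

# Official host from the article; extend the set for other tools (assumption).
TRUSTED_HOSTS = {"gimp.org", "www.gimp.org"}

# Constructed, partial map of Cyrillic letters that render like Latin ones.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u0458": "j"}

def to_unicode(host):
    """Decode xn-- (punycode) labels so ASCII-encoded lookalikes are inspected too."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA

def to_punycode(host):
    """ASCII form that DNS resolves; for a lookalike it differs from the real name."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host

def scripts(label):
    """Scripts of the letters in a label, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_url(url):
    host = to_unicode((urlsplit(url).hostname or "").lower())
    labels = host.split(".")
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in host)
    if host in TRUSTED_HOSTS:
        verdict = "trusted"
    elif skeleton in TRUSTED_HOSTS:
        verdict = "lookalike"      # reads like a trusted host, but is a different name
    elif any(len(scripts(label)) > 1 for label in labels):
        verdict = "mixed-script"   # one label mixes alphabets: suspicious on its own
    else:
        verdict = "unlisted"
    used = set().union(*(scripts(label) for label in labels))
    return {"host": host, "punycode": to_punycode(host), "scripts": used, "verdict": verdict}

if __name__ == "__main__":
    # Constructed samples: the real site, then a host with Cyrillic U+0456 for "i".
    for u in ("https://www.gimp.org/downloads/", "https://www.g\u0456mp.org/downloads/"):
        print(check_url(u))
```

The punycode form is the one to compare in proxy or DNS logs, since that is the name actually resolved.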

The fake GIMP site then looks deceptively real. However, the download link does not deliver the real image editing program, but rather a file with unwanted content:

The aim is to spread malware, steal access data and sensitive information and, in the worst case, encrypt entire systems with ransomware.

The consequences of such a download according to ZAC

According to ZAC, one of the tricks is also that “the website displayed via Google Ads is benign and irrelevant. Only after you click on the ad should you be redirected directly to the malicious website.” It is like this: “If Google determines that the fake website (landing page) is malicious, the campaign will be blocked and the ads will be removed. So in this step threat actors must use a trick to bypass Google’s automatic checks.”

Malvertising Google Ads
Image: Icons Minds

The problem with Google Ads is currently expanding

Spamhaus says that “malvertising” via Google Ads is a known problem, but according to threat researchers it has only been “moderately widespread” so far. However, there has been a massive increase in the last few days. Numerous well-known brands are said to be affected and several different malware programs are being used improperly.

Roman Hussy, the founder of abuse.ch, is quoted as saying: “It is likely that a threat actor has started selling malvertising as a service on the Dark Web, and demand is high.” They are currently observing “various infrastructures used in these advertisements that distribute various malware families”. Hussy concludes that “ad serving” is a service that threat actors are currently requesting and purchasing.

Heise and Sentinel Labs speak of a “sophisticated malvertising campaign” via Google Ads, which also runs on the Microsoft .NET platform. Google is aware of the current issues with its advertising system and is working to fix them:

Malicious actors often use sophisticated measures to disguise their identity and evade our policies and enforcement. To combat this, in recent years we have implemented new certification policies, increased verification of advertisers, and increased our capacity to detect and prevent coordinated fraud. We are aware of the recent increase in fraudulent ad activity. Combating this phenomenon is a top priority and we are working to resolve these incidents as quickly as possible.

Google arstechnica

Sources: ZAC Niedersachsen, Heise, Spamhaus, abuse.ch, Sentinel Labs, arstechnica