We’re seeing more and more worrisome phenomena on the web right now, such as scammers buying Google’s top advertising spots to spread their malicious code. These ads often impersonate well-known apps such as WhatsApp and can blend seamlessly with harmless advertising. If you don’t know the exact URL of the app you’re trying to download, you could end up downloading something harmful.
We have watched phishing tactics evolve over the years. Buying ads to masquerade as free and open source apps is not new for scammers, but it seems to be on the rise with the trend of investing in NFTs and cryptocurrencies. It’s happening all over the internet.
Phishing is a billion-dollar business, so the scammers must be targeting the right areas. In fact, just this week, NFT God’s “whole digital life” was drained after clicking on an official-looking OBS link.
Even hardware manufacturers are exposed to this kind of imitation, such as a fake AMD driver download link found on Google. A mirror EVGA site was also discovered on Google late last year.
Investigating the incident, Bleeping Computer found that a disturbing number of the top Google ads were phishing scams, and only some of them were actually flagged by antivirus products.
Among them is a fake link to the bootable USB flash drive creation tool Rufus at the top of Google, rounded off with the word “pro” to make the link more attractive to potential victims. Clicking on the link takes you to a compressed file download hidden behind a seemingly secure file transfer service. The archive is what is known as a zip bomb or decompression bomb, one of the more difficult tactics to detect.
Scammers have also been found to use something called typosquatting. In the case of “notepad-plus-plus.com”, it was close enough to the expected URL that many would not suspect it to be malicious.
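One way to catch the lookalike domains described above before a download starts, as an added example that is not from the original article: it compares a link's host against an allowlist of official domains and flags near misses. It goes slightly beyond the typosquatting case by also flagging a brand name padded with bait words such as “pro”; the allowlist contents, the thresholds and the `.example` hosts are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Assumption: official download domains the defender has verified out of band.
OFFICIAL = ("notepad-plus-plus.org", "rufus.ie", "videolan.org", "7-zip.org")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, official domain the host matches or imitates)."""
    if "//" not in url:
        url = "//" + url                       # let urlsplit parse bare hostnames
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in OFFICIAL:
        if host == good or host.endswith("." + good):
            return "official", good
    name = host.rsplit(".", 1)[0]              # host without its final label (TLD)
    squashed = name.replace("-", "").replace(".", "")
    for good in OFFICIAL:
        brand = good.rsplit(".", 1)[0]
        brand_sq = brand.replace("-", "")
        limit = 1 if len(brand_sq) < 8 else 2  # tolerate fewer typos on short names
        if (name == brand                      # same name, different TLD
                or brand_sq in squashed        # brand plus bait words or extra labels
                or edit_distance(squashed, brand_sq) <= limit):
            return "lookalike", good
    return "unknown", None

# Constructed sample links; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://notepad-plus-plus.org/downloads/",
    "https://notepad-plus-plus.com/",
    "https://rufus-pro.example/download.zip",
    "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

A verdict of “unknown” only means the host resembles nothing on the allowlist, so it is not a statement that the site is safe.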
Scammers can also hide behind seemingly legitimate technology companies, as in the case of 7-ZIP, WinRAR, and VLC, found on a site filled with malicious links masquerading as the Indian web design firm known as Zensoft Tech.
“Google does its best to review and verify information provided by advertisers as part of these verification programs,” the company’s verification said. “However, by doing so, we do not endorse or accept liability for the content or activities of any advertisers.”
Under Google’s own policy on ad network abuse, “Computer viruses, ransomware, worms, Trojan horses, rootkits, keyloggers, dialers, spyware, malicious security software, and other malicious programs or apps” are not allowed to be linked through ads. This refers to both “ads and software hosted or linked to by the Site or App.”
However, the policy also states: “Violation of this policy will not result in immediate account suspension without prior warning. A warning will be issued at least seven days prior to account suspension.” I think that is to give a hacked site a chance to get its URL back if it becomes a victim.
Amid calls for social media companies to be more accountable when it comes to content posted on their sites, I’m sure web users won’t put up with Google’s somewhat disrespectful attitude towards it for long.