
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.

In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search.

What makes the ad more convincing is that it shows 'google.com' and "https://www.google.com" as the click URL, which clearly should not be allowed when a third party creates the advertisement.

We have seen this very effective URL cloaking strategy in past malvertising campaigns, including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.

Malwarebytes noted that the advertiser's identity is verified by Google, showing another weakness in the ad platform that threat actors abuse.

When the download is executed, it will launch the DeerStealer information-stealing malware, which steals credentials, cookies, and other information stored in your web browser.

Users looking to download software are recommended to avoid clicking on promoted results on Google Search, use an ad blocker, or bookmark the URLs of software projects they typically use.

Before downloading a file, ensure that the URL you're on corresponds to the project's official domain. Also, always scan downloaded files with an up-to-date AV tool before executing.
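The domain check recommended above, as an added example that is not part of the original post. It compares the host of the page you actually landed on against domains you already trust, and shows why substring matching is not enough. `OFFICIAL_DOMAINS` and every sample URL in the comments are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains you trust for this download, taken from your own bookmarks.
OFFICIAL_DOMAINS = {"google.com"}


def landing_host(url):
    """Return the hostname a browser would contact for this URL, or None.

    Only https URLs are accepted. Anything before '@' is userinfo, not the
    host, so 'https://www.google.com@downloads.example/' yields
    'downloads.example'.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def is_official(url, official=OFFICIAL_DOMAINS):
    """True only if the landing host is a trusted domain or a subdomain of one."""
    host = landing_host(url)
    if host is None:
        return False
    try:
        # Convert to the ASCII (punycode) form so look-alike Unicode letters
        # cannot compare equal to the real name.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Exact match or a dot-delimited suffix: 'notgoogle.com' and
    # 'google.com.downloads.example' both fail this test.
    return any(host == d or host.endswith("." + d) for d in official)


def triage(urls, official=OFFICIAL_DOMAINS):
    """Map each URL to 'official' or 'not official' for quick review."""
    return {u: ("official" if is_official(u, official) else "not official")
            for u in urls}
```

Run it on the address-bar URL after the click rather than on the URL shown in the ad, since the displayed URL is the part this campaign spoofs.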

[-] azron@lemmy.ml 45 points 3 months ago

Verified by Google == The transaction went through.

[-] FundMECFSResearch 20 points 3 months ago

I switched permanently to DuckDuckGo yesterday. Couldn’t be happier.

[-] WeAreAllOne@lemm.ee 14 points 3 months ago

They also have some trackers I think. Try SearxNG.

[-] mecfs@lemmy.world 18 points 3 months ago

Urgh I hate Apple. Can’t choose something else but these default options. And I have to use the Safari browser because it is the only one that has the accommodations for my disability I need.

(replying from my alt cuz image hosting is down on blahaj.zone)

[-] FundMECFSResearch 9 points 3 months ago

Actually I found a way to bypass this using the “hyperweb” extension, if anyone needs in future

[-] akilou@sh.itjust.works 9 points 3 months ago

You did this to yourself when you bought an Apple device

[-] FundMECFSResearch 21 points 3 months ago

Android doesn't have the accessibility things I need at all 🤷 didn't have much of a choice.

[-] akilou@sh.itjust.works 13 points 3 months ago

I'm sorry you have to deal with that. And I'm sorry you don't have a choice

[-] nitefox@sh.itjust.works 3 points 3 months ago

They can just install another browser..

[-] nitefox@sh.itjust.works 2 points 3 months ago

Meh, the results have got very bad. They are mostly ads now and every damn article is provided not by its origin but msn

[-] workerONE@lemmy.world 2 points 3 months ago* (last edited 3 months ago)
[-] nitefox@sh.itjust.works 1 points 3 months ago
[-] Blizzard@lemmy.zip 15 points 3 months ago* (last edited 3 months ago)

Always use an adblocker. Never disable it for any website regardless of how much you like it. If they want to show you ads, they don't like you.

For PC: https://ublockorigin.com

For mobile: https://adguard.com

[-] DynamoSunshirtSandals@possumpat.io 4 points 3 months ago

Unfortunately true. Support sites you love through purchases, subscriptions, and donations. Ads are, at best, a vector of mental malware. At worst, a vector of actual malware.

[-] smeeps@lemmy.mtate.me.uk 2 points 3 months ago

The issue is that people always say this but then people don't donate.

People have server costs and living costs and ads are realistically the only way to contribute to those. I always swing €5 here and there to developers whose apps I use often but most people don't: look at the Ko-fi page of small devs and they probably have less than €50 total. That's a couple months of server costs probably.

[-] adarza@lemmy.ca 11 points 3 months ago* (last edited 3 months ago)

had someone call the other day that nearly got scammed after clicking the top 'result' (it was an ad) on a google search for amazon.

[-] Broken_Monitor@lemmy.world 4 points 3 months ago

I feel like if they’re dumb enough to google search for amazon instead of just typing amazon.com then this is far from the only scam they’re falling for.

[-] stevedidwhat_infosec@infosec.pub 4 points 3 months ago* (last edited 3 months ago)

See!!! I knew this shit was gonna happen. Check out my post from a while back - on Chrome and Edge, when you hover over the links, they resolve instead of showing you the top link.

This means they can set up infra and evade scanning to redirect probes to legit sites like retailers, bank homepages, etc.

this post was submitted on 01 Aug 2024
199 points (100.0% liked)

Privacy Guides
