EVGA

Google Search Ads Show Malware Again, This Time for Fake Google Authenticator

Author
Cool GTX
EVGA Forum Moderator
2024/08/06 07:18:32
Google Search Ads Show Malware Again, This Time for Fake Authenticator
(excerpt)


Multiple cybersecurity firms reported this week that Google Search ads for what appears to be a Google authenticator actually lead to a download for "DeerStealer" malware. This authenticator was not made by Google, but by an unknown threat actor trying to swipe victims' personal information.
 
In this case, though, Google's ad settings helped make the fake ads look more convincing. The URL to the malware appeared as "https://www.google.com." Google's site also showed that the advertiser who posted the malware had their identity "verified by Google." The advertiser's location showed that they were based in the US, and the description snippet of the ad itself contained the text: "Official Website."
 
Unfortunately, this has happened before, as Malwarebytes points out with the convincing—but fake and malicious—Amazon ads that surfaced on Google Search last year.



Second article: (Great details, educational)


Threat actor impersonates Google via fake ad for Authenticator
 (excerpt)
 
Conclusion
Threat actors have been abusing Google ads as a way to trick users into visiting phishing and malware sites. Since the whole premise of these attacks relies on social engineering, it is absolutely critical to properly distinguish real advertisers from fake ones.
As we saw in this case, some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well.
We should note that Google Authenticator is a well-known and trusted multi-factor authentication tool, so there is some irony in potential victims getting compromised while trying to improve their security posture. We recommend avoiding clicking on ads to download any kind of software and instead visiting the official repositories directly.
Malwarebytes blocks access to the fake Authenticator website, and we detect the payload as Spyware.DeerStealer.
-------------- (end excerpt)-------------
 
Lessons to be learned:


Do not trust that any ads are properly vetted, as bad actors are creative

Always go to the source for any download

Keep your security software up to date
 


I am a Volunteer Moderator - not an EVGA employee
