Multiple cybersecurity firms have issued warnings about fake Google Search ads, luring people into downloading DeerStealer malware.
Jerome Segura, principal threat researcher at Malwarebytes, explained that “if you were trying to download the popular Google Authenticator via a Google search in the past few days, you may have inadvertently installed malware on your computer,” as per Forbes.
According to the experts, scammers are using a legitimate-looking Google URL. When users click on the links, they would be redirected multiple times, eventually ending on a malicious web page posing as an official Google page.
“We have seen this very effective URL cloaking strategy in past malvertising campaigns,” Segura said, “including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.”
The users who downloaded the links might have exposed their personal and financial information, such as bank account details, address, and personal IP address, to hackers.
“Since the whole premise of these attacks relies on social engineering, it is absolutely critical to properly distinguish real advertisers from fake ones,” Segura added, “as we saw in this case, some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well.”
Experts have urged users not to click on any ads for software download. People, who have already fallen victim to this scam, are advised to immediately run a virus scanner, delete temporary files, and change all passwords.