Fake Software Ads Used To Distribute Malware

Google is most people’s first port of call for help or information online – something cyber criminals are using to their advantage.

Specifically, they are targeting Google ads, impersonating campaigns for popular software such as Grammarly, Slack, Ring, and many others. This is nothing to do with those companies, but to the untrained eye they look like the real deal… which is how they’re tricking people into clicking the ads.

If you’re not using an ad blocker, you’ll see promoted pages at the top of your Google search results. These look almost identical to the non-promoted, down page organic search results, so you or your people could easily be tempted to click.

It’s a complicated scam. Criminals clone the official software websites, but instead of distributing the genuine product, when you click download they install ‘trojanized’ versions. That’s geek speak for malware that disguises itself as real software.

Google is working to protect us by blocking campaigns it’s able to identify as malicious. But criminals have tricky ways around that too.

Ads first take you to a benign-looking website – which the crooks have created. This then redirects you to a malicious site that convincingly impersonates a genuine page. That’s where the malware lurks waiting for a click, beyond Google’s reach.

Worse, in many cases, you’ll still get the software you’re trying to download, along with a hidden payload of malware. That makes it harder to tell that your device or network has been infected and may give the malware longer to do its job.

To stay protected, train your team about the dangers and make sure everyone is on the lookout for anything that doesn’t seem quite right.

Encourage people to scroll down the Google results until they find the official domain of the company they’re looking for, and make it a policy that people seek permission before downloading any software – no matter how innocent it may seem.

You could also consider using an ad blocker in your browser. That will filter out any promoted results from your Google search for some extra peace of mind.

For help and advice with training, software policies and network security give us a call.