Online trustworthiness can be deceptive, particularly in the realm of advertising, where even well-known platforms are not immune to security risks. Recent reports highlight a concerning trend: cybercriminals are using Google’s own advertising system to propagate malicious software.
Bleeping Computer reveals that Malwarebytes discovered a malicious campaign exploiting Google’s sponsored search engine ads to promote fake downloads of Google Authenticator, an app used for two-factor authentication. While the real app enhances security, these fraudulent ads misled users to counterfeit sites infected with malware.
The format of Google’s text ads can be manipulated to show authentic URLs, such as www.google.com, while redirecting users to harmful sites. This malware can be used to spy on users and steal sensitive information.
Although Google has removed the fraudulent ad, similar malicious campaigns have previously targeted other services like AMD, Bitwarden, and KeePass. To safeguard against such threats, consider the following tips:
- Check for ad labels to distinguish them from regular search results.
- Scroll through search results; legitimate ads are often repeated in regular listings.
- Use the three-dot icon next to search results to verify website sources.
- Install ad-blocking tools such as uBlock Origin to minimize exposure to sponsored ads.
- Keep your antivirus software updated to detect and block malicious sites.