Google Ads in Search Results May Lead to Malvertising Attacks

Google has never been completely free of websites or software downloads that contain malware, but lately hackers seem to be getting craftier, with malware appearing more often in Google Ads.

More Dangerous Than Before

The past few months have seen more threats in Google than normal. Threat researchers claim that in the past few days, there has been a massive spike that is affecting known brands with several forms of malware being utilized.

The rise in dangerous content is coming from malware families like AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader, according to Ars Technica. Hackers have moved on from simple phishing attacks and malicious spam to Google Ads.

Hackers are disguising the malware-ridden files as legitimate downloads. The brands being used include Adobe Reader, GIMP, Microsoft Teams, OBS, Slack, Tor, and Thunderbird, showing that even Google Ads are no longer safe from threat actors.

Researchers from the security firm SentinelOne stated that an advanced malvertising campaign is pushing malicious .NET loaders, which have been dubbed "MalVirt." These malicious loaders are distributed using XLoader and can affect both Windows and macOS.

The loaders are able to use virtualization for obfuscation, which allows them to circumvent endpoint protection and analysis. Once they do, the hackers will be able to use XLoader to steal the user's data and other sensitive information on the infected device.

Malvertising

Malvertising can affect users when they click on content that contains malicious code. This will in turn install malware or adware on a user's system, or redirect them to a malicious website. According to CrowdStrike, the attacks may also use an exploit kit, which will scan for weaknesses in a system.

Other than stealing sensitive data, the malware can, after installation, also damage files, redirect internet traffic, monitor user activity, or set up backdoor access points in a user's system. It is also possible for it to execute JavaScript or Flash to spam the user with ads or malicious content.

There have been specific attacks in the past such as the Angler Exploit Kit, which redirected Internet users to a malicious website where an exploit kit found vulnerabilities in web extensions like Adobe Flash, Microsoft Silverlight, and Oracle Java.

Some, as mentioned before, can get past ad blockers and antivirus solutions using dynamic URLs. There's also KS Clean, a campaign that targets mobile phones. The malware will send a notification for updates, which will grant the hacker access when approved.

It's hard to identify MalVirt, even for experts. Besides it becoming more and more widespread, ads on pages also change. However, there are ways for you to avoid installing malware, or at least reduce the risk.

For one, you need to update all your software and extensions, including web browsers. You should also install antivirus software and ad blockers so that fewer advertisements pop up in your feed, reducing your chance of encountering an infected ad.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
