In addition to cyber attacks, phishing attacks and malicious appsCybercriminals can also misuse Google Ads software to trick users into falling into the trap of their schemes.
As I mentioned Computer (Opens in a new tab)If you searched for “GIMP” on Google last week, you might have seen an ad for the popular site’s official website. Photoshop alternative. However, this was actually a fake ad used to infect visitors with In House Trojan stealing information.
Besides getting a place between Best photo editing softwareGIMP (GNU Image Manipulation Program) is also open source and free to download. Its official website is “GIMP.org” and despite it being a malicious ad, the fake ad spotted by BleepingComputer showed the correct web address.
If a user clicks on the ad (which has since been removed), they will be taken to a phishing page much like the official GIMP website. While they thought they were downloading the actual program, the fake site instead delivered a malicious file called “Setup.exe” that would infect their computers with malware once it was installed.
Abuse Google Ads
according to support document (Opens in a new tab) About Google Ads, the Service allows advertisers to use the display URL that appears in the ad and the destination URL that visitors are taken to after clicking on the ad. In this case, the display URL was “GIMP.org” while the destination URL was the fake “gilimp.org”. Normally in Google Ads, the displayed and destination URLs must point to the same site.
in last reddit (Opens in a new tab), one user suggested that the hackers behind this campaign may have used the IDN homograph to make the Cyrillic spelling of the Gimp website (xn–gmp-jhd.org) look like the Latin “gimp.org”. However, this seems unlikely given that “gilimp.org” and another fake domain called “gimp.monster” were used in the campaign. At the same time, a possible error in Google Ad Manager may be responsible, but this is still unknown at the moment.
Regardless, hackers often buy ad space on legitimate platforms like Google search and other search engines to launch malicious ad campaigns. However, many of these malicious ads can launch attacks without you clicking on them.
In an email to Tom’s Guide, a Google spokesperson provided more information about fake GIMP ads that appeared in its search engine last week, saying: “We have strict policies designed to protect people from abuse and combat fraud across our platforms, which we enforce aggressively. The ads in question have been flagged by our systems and removed for policy violations.”
Malicious ads vs adware
Although they both include ads, malicious advertising and adware are actually quite different.
Adware is a type of malware that can infect your computer and smartphone while malicious advertising or malicious advertising is a term used to describe bad ads that can lead you to phishing websites and other dangerous web pages according to Blog post (Opens in a new tab) From AVG. However, both are hiding in plain sight.
Once you install an adware application on one of your devices, you’ll start seeing ads that you wouldn’t normally encounter online. The creators of one of these apps may also hijack the ads you normally see to replace them with new ones, which, when clicked, earn them advertising revenue.
What makes malicious advertising so dangerous is the fact that your device does not need to be infected with malware first. This is because the malicious ads used in these campaigns are hosted on legitimate websites like Google in the example above.
Either way, both malicious ads and adware are threats that you need to monitor online as your passwords and other sensitive data can be stolen if you fall victim to either.
How to stay safe from malicious ads
The easiest way to stay safe from malicious ads is to avoid clicking on ads altogether. With these fake GIMP ads, if users had scrolled to the bottom of search results, they would have seen a link to the official GIMP website. Clicking it would have allowed them to download the actual program instead of taking them to a phishing site that distributes malware.
While the ads at the top of Google search and other search engines may be convenient, there is little chance that they may actually be fake. This is why it makes sense to avoid them and go directly to the official website of a product or service you are interested in instead. Similarly, you can install one of the best ad blockers to limit the amount of ads you see online.
If you click on an advertisement online, you should take a closer look at the domain name of the site that takes you to make sure it is legitimate. Does the URL contain any misspelled words or is there anything else that seems out of place? If so, it may be a phishing page and not the company’s official website.
Whether or not you choose to keep clicking online ads is up to you. However, by installing one of the best antivirus software solutions on your devices, you can help protect yourself from malicious ads, fake websites that spread malware and other viruses.
[ad_2]