Go to listing page

New Malvertising Variant Leverages Google Ads To Serve Malware Through Legitimate Websites

New Malvertising Variant Leverages Google Ads To Serve Malware Through Legitimate Websites
  • One such incident has been cited through Google ads served on the popular news site: The New York Times.
  • The fishy Google ad promotes the download of an Online PDF converter.

A new type of malvertising campaign that leverages Google ads has been found distributing malware. One such incident has been cited through Google ads served on the popular news site: The New York Times.

How does it work?

Discovered by SlashNext, the Google ads look genuine at first sight. It promotes the download of an Online PDF converter.

Clicking on the ad takes visitors to a nice-looking page that includes more information about the product. The page also includes a prominent green button that asks the viewers to ‘Download to Continue’.

However, what the victims miss out before they click on the button is a pop-up that reads, “By clicking the button, you agree to install the Homepage & New Tab and agree to the EULA and Privacy Policy.”

What next?

Once the app has been downloaded, users are redirected to a special phishing page that conducts user behavior monitoring by hijacking the browser and the search functionality.

The app also silently runs unsecured malicious third-party content within a browser.

Unforeseen impacts

By agreeing to such privacy policy without reading can enable third-party affiliates to access victims’ products such as browsers, sites, and credentials. Their machines can also be vulnerable to all kinds of malicious activities.

Cyware Publisher

Publisher

Cyware