Cyber attacks of various kinds have seen a consistent rise in both volume and reach over the past few years. Security agencies in several countries are trying to crack down on these hackers by identifying their modus operandi. Recently, the FBI has warned users against cyber attackers using search engine advertisements to promote websites that distribute ransomware or steal user login credentials for financial institutions and crypto exchanges.
The US-based security agency has made a public service announcement (spotted by BleepingComputer) to warn users about these search engine ad-based malicious websites. The law enforcement agency stated that attackers buy ads that imitate authentic businesses or services. These ads usually appear at the top of search result pages. Moreover, the links to these dubious sites even look identical to those of the company websites they are mimicking, which makes it easier for the attackers to target common users.
How these fake links work
As per the FBI, these search engine ads link to malicious websites that offer a download link for software named after the authentic application. Apart from this, the FBI advisory has also warned users against ads that promote phishing sites. These ads commonly mimic finance platforms, especially cryptocurrency exchange platforms, and ask users to enter their account credentials. Hackers steal these credentials once they are entered into these phishing sites. The stolen data is then used to steal funds from linked bank accounts or is sold on the internet to other attackers.
Examples of such malvertising campaigns
Recently, a huge typo-squatting campaign involving over 200 websites was reportedly revealed. Hackers used this campaign to imitate software projects, cryptocurrency exchanges, and wallet platforms to push malware on Windows and Android.
Earlier, a fake GIMP image editor website used malvertising to push the Vidar malware to unsuspecting users. These fake advertisements redirected users to a different site that pushed malware, the report adds.
In March 2022, Google Ads was misused by the operators of the Mars stealer to promote a fake site that impersonated Open Office and distributed malware. The report also mentions that an AnyDesk malvertising campaign on Google Search pushed the IcedID malware through the fake remote desktop app.
How users can protect themselves
Users are advised not to click on the first thing that appears in the search results without checking its URL when looking for something online. The first few search results are usually promoted ads, and it is better to skip them and scroll down until you can see the project’s official website. The FBI says that search engine advertisements are not malicious. However, it’s important to be cautious while accessing a web page via an advertised link.
Sometimes even checking the link might not help users, as attackers can create ads that show a legitimate URL but later redirect users to cloned sites that are under the hacker’s control. Ad-blockers can also help users filter out promoted Google Search results. Instead of searching for a particular site that you visit frequently, it is better to bookmark its URL.
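The URL check described above can be sketched in code. This is an added example, not part of the FBI advisory or the original report: it classifies the address the browser actually landed on, since the ad text may show a legitimate URL, against a short list of bookmarked official domains. The allow-list, the function names, the `.example` sample addresses and the "label left of the final label is the site name" shortcut are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list standing in for a user's bookmarked official sites.
OFFICIAL_DOMAINS = ("gimp.org", "anydesk.com", "openoffice.org")

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_landing_url(url, official=OFFICIAL_DOMAINS, max_distance=1):
    """Classify the landing page URL, not the text shown in the ad.

    Returns ("official" | "lookalike" | "unknown", matched official domain or None).
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Exact match or a subdomain of a bookmarked domain is the real site.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    # Simplification (assumption): no public suffix list is consulted.
    site = labels[-2] if len(labels) >= 2 else host
    for domain in official:
        # Official name used as a prefix of someone else's domain,
        # e.g. gimp.org.<other-site>.example
        if host.startswith(domain + ".") or ("." + domain + ".") in host:
            return ("lookalike", domain)
        # Same or near-identical name on a different domain (typo-squat).
        if edit_distance(site, domain.split(".")[0]) <= max_distance:
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample landing URLs; none are taken from a real campaign.
    for sample in ("https://www.gimp.org/downloads/",
                   "https://gimp.org.get-editor.example/setup.exe",
                   "https://openofice.example/download"):
        print(sample, classify_landing_url(sample))
```

A "lookalike" result is a heuristic signal to stop and open the bookmarked site instead; short names such as "gimp" will produce some false positives at an edit distance of 1.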