Cybersecurity researchers recently discovered that there was a clever malvertising scheme occurring via Google Ads. The campaign had been estimated to be running for slightly over a month before being uncovered. The malvertising scheme involved a malicious file masquerading as a setup executable for AnyDesk, a remote desktop application. The advertisement appears at the top of the search results, like a typical Google Ad. The fraudulent advertisement, when clicked, further directs users to a clone page of the AnyDesk website - giving it the illusion of being legitimate. However, the users would actually be downloading a PowerShell implant that is used for amassing and exfiltrating the users’ system information. After being notified, Google took immediate action by taking down the malicious advertisement.
Malvertising, which stands for “malicious software advertising”, is when cybercriminals use online advertisements to spread malware. Typically, malware is hidden within seemingly legitimate webpages or networks. Malvertising can affect users in several ways after they view an infected webpage; there may be an installation of malware or adware onto the users’ computer, the user may be redirected to a malicious site or unwanted or malicious advertising may pop up onto the users’ desktop.
The malicious use of Google advertisements could potentially be rising in popularity, as it serves as an effective and clever method to target users. The criminals are able to target different audiences depending on the advertisements they choose. Furthermore, the nature of Google’s advertising allows for administrative users to estimate how many people will click on the ad and cybercriminals can use this information to plan and budget accordingly.
Beyond Google, malvertising can be found on any types of advertising platforms from Youtube to Spotify. It seems as though malvertising, like many cybercrimes, continues to be on the rise; especially since many of our daily activities revolve around the web.
1. Don’t Click on Questionable Websites
Although all types of websites can be hit by malvertising, it seems to be the trend that sites hosting illegal content are more likely to inadvertently host malicious advertisements. Professional websites tend to have more internal processes in place to help catch malicious advertisements.
2. If it sounds too good to be true, it probably is
Advertisements that promise free cars, major cash prizes or any form of large giveaway are likely to be malicious. Cybercriminals make their ads sound as enticing as possible to prey on vulnerable users. Always be sure to evaluate the legitimacy of the advertisement and how realistic it seems.
3. Check the destination URL
By hovering over the advertisement with your mouse, you can see where the advertisement will be taking you. This is one way to verify the legitimacy of the advertisement - if the destination URL does not match what the display is then you should avoid clicking on it.
Finally, Cyber Unit’s security plans are here to help you and your business on all ends. We provide amazing computer, mobile, and email security as well as Dark Web monitoring. Our safety plans will work to keep you safe, so that you can focus on doing what you love.
If your information somehow ends up circulating the Dark Web, we’ll notify you right away and assist you in whatever recovery is needed.
Feel free to get in touch with us for specific information or read more about our services HERE.