Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Google Dynamic Search Ads Abused to Unleash Malware ‘Deluge’

    justmattgBy justmattgOctober 31, 2023No Comments4 Mins Read

    [ad_1]

    A researcher has uncovered a new method of using vulnerable websites to deliver malicious, targeted ads to search engine users, capable of delivering a tsunami of malware that can overwhelm victims completely.

    The key is “dynamic search ads,” a feature in which Google uses the content of a website landing page to pair targeted ads with searches. In an Oct. 30 blog post, Jerome Segura, senior director of threat intelligence at Malwarebytes, described how an attacker used a fake software ad on a compromised website to take advantage of this feature, targeting search engine users.

    And, remarkably, it all may have been by accident.

    “I think the ad itself is really kind of accidental, in the way that it was created. The fact that I saw it [in a Google search], I don’t think the threat actor planned it at all,” Segura posits.

    Malvertising With Dynamic Search Ads

    “I didn’t see the site first, I saw the ad first,” Segura recalls. He was searching for common keywords used by hackers — often fake advertisements for office applications, remote monitoring software, and so on. In this case, the keyword was “PyCharm,” the development environment for Python programming.

    The search yielded the following, sponsored result:

    Source: Malwarebytes

    While the headline matched his search, the snippet seemed to be pulled from a wedding planning site. And through Google’s Ads Transparency Center, it was clear that the site’s other content all had to do with weddings, not Python.

    “In most ads that I see for malicious software downloads, the content matches the title. So the threat actor actually goes through the effort of creating an ad from scratch: they use a compromised advertiser account, and they create the ad with a matching URL, a matching description, and all that wasn’t the case here. So I thought: Why would somebody create a title that doesn’t match the description?” Segura recalls.

    It turned out that some pages within the neglected wedding planning site had been injected with spam-generating malware.

    The malware rewrote these pages’ titles and presented visitors with a malicious PyCharm serial key pop-up. To make matters worse, Google’s dynamic ads feature picked up on the malicious content, which is how it got advertised to Segura.

    Were an unwitting visitor to click on the PyCharm pop-up link, they would experience “a deluge of malware infections the like we have only seen on rare occasions, rendering the computer completely unusable,” Segura explained in his blog. He speculated that the attacker may have been trying to monetize as many malware downloads as possible, for cybercrime commission payments.

    Security for Small Business Websites, and Their Users

    For hackers that want to take advantage of small- and midsize business’ websites for their own ends, there is an untold trove of potential choices simply lying in wait.

    The problem, Segura explains, is that “usually business owners don’t create it themselves. They hire a Web agency to create the website for them at a particular time, and then the Web agency delivers the product, and then that’s it. There’s no follow up.” Businesses might keep using the site, but without taking care of it on the backend.

    “So what happens is, the core WordPress itself becomes out of date. And then any of the plugins that may have been used also become out-of-date. And out-of-date usually applies not just to features, but also security patches. And so those websites are just sitting ducks for anybody to crawl entire IP ranges, and then just mass compromise,” he says.

    Where businesses might lack the resources or wherewithal to maintain proper security, Segura thinks, Google could at least help search engine users avoid landing in traps, by flagging cases where targeted ads and website content diverge significantly.

    “In this case a wedding website and an ad for a piece of software. I’ve seen another example that was pretty clear cut as well: for another piece of software, and the advertiser was a restaurant. That should be an immediate flag for Google, because it really does not match what the business does,” he concludes.

    [ad_2]

    Source link

    Previous ArticlePro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
    Next Article Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑