Security News > 2021 > June > Google PPC Ads Used to Deliver Infostealers

This time around, the Google PPC ads targeted specific IP ranges in the U.S. and "Probably some other countries," researchers wrote.

Google says that it uses proprietary technology and malware detection tools to "Regularly scan all creatives", that it forbids ads when they try to call fourth parties or sub-syndication to uncertified advertisers, that it pulls ads distributing malware, and that authorized buyers whose ads are found to contain malware are placed on a minimum three-month suspension.

In a nutshell, these attacks have succeeded because crooks spend real money on Google AdWords, having figured out how to evade Google's malvertising screening and having set up a website with a signed, legitimate certificate - as in, a maximum of two weeks old - designed to mislead website visitors.

As researchers described it, all of the attacks start with one of a dozen paid Google ads that lead to a website with an ISO image download - one that's big enough to slip past scanning.

Morphisec researchers found that a simple search for "Anydesk download" led them to three pay-per-click Google ads, all of which led to malicious infostealers, as shown in the image below.

Morphisec's Michael Gorelik wrapped up the advisory by noting that "Adversaries will use any method possible to gather targets, even paying Google top dollar for their paid search results to surface a malicious website as a top search result."

News URL

https://threatpost.com/google-ppc-ads-used-to-deliver-infostealers/166644/