FBI warns of search engine ads pushing malware, phishing (Security News, December 2022)
The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.
These ads appear at the top of search result pages and link to sites that look identical to the impersonated company's website.
"When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result," warns the FBI. "These advertisements link to a webpage that looks identical to the impersonated business's official webpage."
The FBI advisory also warns about ads promoting phishing sites that imitate finance platforms and, more specifically, cryptocurrency exchange platforms that invite visitors to enter their account credentials.
While these advertisements looked like they were promoting the actual gimp.org website, they redirected users to a different site pushing malware.
More recently, the SANS ISC disclosed an AnyDesk malvertising campaign on Google Search that dropped IcedID malware instead of the popular remote desktop app.