Security News > 2022 > December > FBI warns of search engine ads pushing malware, phishing
The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.
These ads appear at the top of search result pages and link to sites that look identical to the impersonated company's website.
"When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result," warns the FBI. "These advertisements link to a webpage that looks identical to the impersonated business's official webpage."
The FBI advisory also warns about ads promoting phishing sites that imitate finance platforms and, more specifically, cryptocurrency exchange platforms that invite visitors to enter their account credentials.
While these advertisements looked like they were promoting the actual gimp.org website, as shown below, they redirected users to a different site pushing malware.
More recently, the SANS ISC disclosed an AnyDesk malvertising campaign on Google Search that dropped IcedID malware instead of the popular remote desktop app.
News URL
Related news
- Ongoing Phishing and Malware Campaigns in December 2024 (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)
- FBI deletes Chinese PlugX malware from thousands of US computers (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation (source)
- FBI removed PlugX malware from U.S. computers (source)
- FBI Deletes PlugX Malware from Thousands of Computers (source)