
Fake Cisco Webex Google Ads abuse tracking templates to push malware
2023-09-14 13:47

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.

Malwarebytes reports that a malicious Google ad impersonates the official Webex download portal, ranking at the highest position in Google Search results for the "Webex" term.

The threat actors can exploit a loophole in the Google Ad platform's tracking template that allows them to redirect at will while complying with Google's policy.

Specifically, Google says advertisers may use tracking templates with URL parameters that define a "Final URL" construction process based on gathered user information regarding their device, location, and other metrics related to ad interactions.

If visitors of the fake Webex page click on the download buttons, they receive an MSI installer that spawns several processes and runs PowerShell commands to install the BatLoader malware.



News URL

https://www.bleepingcomputer.com/news/security/fake-cisco-webex-google-ads-abuse-tracking-templates-to-push-malware/

Related vendor

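| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Google |          | 141        | 994 | 4850   | 2758 | 1634     | 10236       |
| Cisco  |          | 4442       | 231 | 3052   | 1816 | 604      | 5703        |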