Security News > 2024 > August > Google gamed into advertising a malicious version of Authenticator

Infosec in brief Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software.

A team at security shop Malwarebytes spotted the adverts, which appear to come from a Google approved domain - and from a verified user - earlier this week.

"Some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well," reported Jérôme Segura, principal threat researcher at Malwarebytes.

"We should note that Google Authenticator is a well-known and trusted multifactor authentication tool, so there is some irony in potential victims getting compromised while trying to improve their security posture. We recommend avoiding clicking on ads to download any kind of software."

Einstein has been with CISA, focusing on artificial intelligence, for the last two years - working on how to protect against machine-augmented attacks but also use the technology to scan and address threats across both government and the private sector.

The APT41 group, believed to be a state-sponsored Chinese intrusion gang, has been going after Taiwanese targets using the ShadowPad trojan and Cobalt Strike penetration testing software, plus new tools written in basic Chinese, according to Cisco-affiliated Talos Intelligence.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/08/05/security_in_brief/