That Google Ad you click could be dangerous—here’s why

Malware is a frequently occurring buzzword when you’re first venturing into fortifying your personal cybersecurity, with company after company stressing the importance of downloading their malware removal software. But what is malware? 

‘Malware’ refers to any malicious software that is designed to cause disruption or damage to a device, server, or network. The deployment of malware often results in malicious actors leaking private information, gaining access to or preventing the user from accessing their private information and important documents, or interfering with the user's computer security and privacy. The sensitivity of private data makes it incredibly attractive to malicious actors, who are then able to use this data to extort either individuals or companies that want to prevent the information going public.

In their 2023 Nastiest Malware report, OpenText Cybersecurity analyzed the threat landscape and determined the biggest threats of the year came from these ‘ransomware’ players. Ransomware refers to any  kind of malware attack that is designed to block access to your data until you pay a sum of money to the hackers.

There are, unfortunately, many avenues that cybercriminals use to deploy malware to your devices. You may assume that advertisements supported by Google Ad services are safe to click on and must pass a number of security checks to be made live. However, Malwarebytes recently discovered a fake WindowsReport website that was being hosted on almost a dozen different domains.

The scammers used Trojan malware, a type of malware named after the mythical wooden horse because it is hidden inside supposedly safe software, to trick victims into downloading the malicious software. They hosted a version of ‘CPU-Z’, a popular utility tool that allows users to track different hardware components on their device such as CPU clock rates, on the site in order to trick victims into downloading it. The tool was actually RedLine Stealer, a known infostealer capable of exfiltrating sensitive system data, stored passwords, payment information, cookies, cryptocurrency wallet information, and more, masquerading as the real CPU-Z program.

To convince victims the website was safe and the software legit, the cybercriminals created website ads that appeared legitimate and strategically ran them through the Google Ads network, promoting this malicious version of CPU-Z. The cloning of the WindowsReport website was also likely done to add more legitimacy and trustworthiness to the whole campaign. 

Additionally, to trick Google’s anti-abuse tactics, victims were pulled through a number of website redirects before reaching the final site. To further bypass security measures, the hackers also made sure the installer was digitally signed with a valid certificate, meaning that security tools and other antivirus products were unlikely to flag it. Malwarebytes concluded this attack campaign was created by the same people who orchestrated the similar Notepad++ campaign in October 2023.

How can Google Ads spread malware?

Hackers have been able to utilize Google Ads and their position on the Google search results page to spread malware to victims and infect their devices. Proofpoint reported finding at least four malicious campaigns delivering malware via download popups. 

Cybercriminals compromise legitimate websites in a range of different ways, from brute-forcing their way in to leveraging vulnerabilities in different modules of the websites.

After gaining access to these legitimate websites, they are then able to modify them to display a pop-up that impersonates a legitimate site, oftentimes informing the user that their browser is outdated and that to view the content they need to download and install an update. This so-called update is a vehicle for malware. Agreeing to the false ‘update’ infects the user's device with malware that is capable of extracting sensitive information from the victim.

The cybercriminals can then utilize this information to extort the user for its return, to prevent its public release or use the personal details to commit identity theft and complete further scams.

How cybercriminals impersonate legitimate websites

Late last year, hackers utilizing Google Ads were able to mimic the KeePass password manager website almost identically. While doing so they created a program that looked and functioned almost exactly like the KeePass password manager software, with one key difference: the program would also come with the PowerShell script associated with the FakeBat malware loader, compromising users' stored passwords and devices.

To promote these, the hackers used Google Ads. The primary way this is done is by compromising an existing active Google Ads account and using it to set up a new campaign; however, this case was even more complicated. In setting up the fake KeePass campaign, cybercriminals utilized Punycode to hide their fake, malicious website’s URL and make it look genuine.

Punycode is an encoding standard built for internationalized domain names. It allows people to incorporate non-Latin scripts (such as Cyrillic or Chinese) into the Domain Name System (DNS). By using this, the URL was written as ‘ķeepass.info’. You might not have noticed it, but there’s a dot below the letter k that is easily missed or mistaken for a mark on your screen.
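
The lookalike address above can be checked programmatically. The following Python sketch is an added example, not code from the article or from Malwarebytes: it converts a hostname between its displayed form and the xn-- form used in DNS, names any non-ASCII characters, and flags a host that matches a protected domain once accent marks are removed. The watch-list and function names are assumptions made for illustration.

```python
import unicodedata

# Constructed watch-list of genuine domains to protect (assumption for this example).
PROTECTED = {"keepass.info"}

def to_unicode(host):
    """Decode xn-- (Punycode) labels to the form a browser may display."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def to_ascii(host):
    """Encode non-ASCII labels to the xn-- form that is looked up in DNS."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Remove diacritics: NFKD-decompose, then drop the combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_host(host):
    """Report non-ASCII characters and any protected domain the host resembles."""
    uni = to_unicode(host)
    odd = [(c, unicodedata.name(c, "UNKNOWN")) for c in uni if not c.isascii()]
    skel = skeleton(uni)
    return {
        "unicode": uni,
        "ascii": to_ascii(uni),
        "non_ascii": odd,
        "impersonates": skel if odd and skel in PROTECTED else None,
    }

if __name__ == "__main__":
    # The lookalike spelling quoted in the article, and the genuine domain.
    for host in ("\u0137eepass.info", "keepass.info"):
        print(check_host(host))
```

The accent-stripping step only catches marks added to Latin letters, as in this case; lookalike letters borrowed from other scripts such as Cyrillic need a confusables table, which this sketch does not include.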

How cybercriminals use fake generative AI to spread malware

With so many different generative AI models gaining popularity, it is no wonder cybercriminals have been creating fake versions of Google Bard, Google's answer to ChatGPT AI, to deposit malware.

This malware was discovered by researchers at ESET after they spotted an ad on Facebook that raised red flags because it included bad spelling and grammar. The ad was linked to the Dublin-based firm called rebrand.ly, and after clicking the link users were redirected to a website posing as a Google-branded website.

The site featured a download button that would trigger the download of malware hosted on a personal Google Drive space and hidden behind an archive titled ‘GoogleAIUpdate.rar.’

The impact of Google Ad-based malware

Digital and cryptocurrency influencer Alex Finn, also known by his online handle ‘@NFT_GOD’, detailed his first-hand experience in which his ‘entire digital livelihood was violated.’

In early January 2023 his Twitter, Substack, Gmail, Discord, and online wallets were ‘invaded and taken over by bad actors’ and his digital assets were taken. This happened as a result of Finn clicking a sponsored Google link to download OBS, a live video streaming software, to his personal desktop. He was later alerted that his two accounts on Twitter, now known as X, were compromised with scam tweets. Thinking that this was the only issue, he deleted the posts and re-authenticated his account.

Later he was alerted by a fan that his NFT art, one of the popular ‘Bored Ape Yacht Club’ tokens, had been ‘weth’d’, meaning sold or transferred to another digital wallet on the OpenSea platform. 

The hackers also compromised his Substack, an email publishing platform, to send malicious emails to his 16,000 subscribers, dissolving trust and goodwill he had built up with his community.  

Though he was able to re-access his social accounts, Finn was unable to recover the digital assets taken by malicious actors as you cannot revert blockchain transactions. In response, he fortified his digital security against future issues, making changes to his digital wallets and encouraging his followers to not click on Google Ads and sponsored links.

The best malware removal software in 2024

If your device is infected with malware from a dodgy Google Ad or download, it’s important to remove any malware with a malware removal tool as soon as possible. 

The best malware removal tools on the market are able to quickly and effectively remove viruses, trojans, and ransomware, as well as fortify your computer against future attacks. While it is more important than ever to protect your devices, the good news is it's also easier than ever to install comprehensive and effective protection.

The following list outlines our top three picks for the most effective and comprehensive protection.

1. Malwarebytes - Best protection

Malwarebytes should be your go-to program if you suspect your device may be compromised. It is updated daily so you can trust it will stay on top of new threats as they appear.

Malwarebytes Premium includes market leading preventative tools such as their real-time scanning and protection from ransomware. However, the basic (and free!) version is still incredibly effective, with its only downside being that it has to be operated manually. We recommend running a scan at least once a week to check for any issues that you haven’t noticed, as well as running further scans immediately if you notice that your web browser has suddenly started behaving differently.

In 2022, Malwarebytes also purchased Adwcleaner, which removes programs that hijack your browser by changing your homepage, resetting your default search engine, or adding unwanted toolbars.

2. Avast Antivirus - Best antimalware and antivirus

Avast Antivirus offers a comprehensive online protection suite, which bundles both antivirus and antimalware tools that utilize behavioral monitoring to spot rogue programs into one piece of software.

If you operate across multiple devices Avast is unbeatable for its availability across mobile devices as well as desktops.

The free ‘basic’ Avast provides complete protection, though you are also able to upgrade to a paid plan that allows you to fine-tune your PC to run better. The paid plan also includes anti-ransomware software and secure file shredding. For business users, there are additional paid-for internet security options to cover a range of needs.

3. Kaspersky Antivirus - best overall cyber security

Kaspersky Antivirus focuses on only the core security essentials you need and offers a stripped back, streamlined user experience.  It features effective web filtering to block dangerous URLs, an accurate engine that detects and removes threats as well as smart monitoring technologies that track and reverse malicious actions. Additional standout elements include automatic scans, drive-by cryptomining infection prevention, as well as simplified security management. 

Though Kaspersky Antivirus offers fewer additional features than its competitors, the features it does offer work incredibly well. If you are unlucky enough to be infected by malware, we have found Kaspersky is one of the best at blocking malware and removing it from an infected system.

The interface is incredibly simple to use, without being overly complicated or intimidating for new users. It also features simple, on-screen instructions to explain how everything works.

Picking the right malware removal software

Choosing the right malware removal software is essential for keeping your digital devices secure.  Though there are many effective malware removal tools on the market, it is important to identify the right tool for you depending on how you will use the tool. 

There are a number of important factors to consider when it comes to selecting the right software for you and making an informed choice.

Effectiveness: Any reliable malware removal tool will detect and eliminate threats on your device with accuracy and speed. To gauge how efficiently the software will work for you, it’s useful to try out multiple program options and pay attention to how long the scans take, as well as comparing how well each tool's interface performs on your device. Additionally, consider the impact on your computer's performance. Check if the software puts a strain on your CPU, as some tools might consume considerable resources which could slow down your computer. It’s vital to strike the right balance between minimal impact on your device's speed and effective threat detection.

Budget: Luckily there are incredible options across a huge price range, with many such as Malwarebytes offering comprehensive free coverage, so there's no excuse to not be protected! Often free malware tools offer enough basic protection for personal use, keeping your data and devices secure at no additional cost. However, for business accounts or if you are handling sensitive information, we recommend more sophisticated software in order to bolster your defense, which often means a more expensive product.

Sensitive data is worth a lot to your employer and therefore worth a lot to hackers due to the damage it can cause by being compromised, so it’s best to invest in both preventative measures and a removal program just in case.

Additional features: Many companies aim to stand out by packing their programs with extra features to entice users with added value. These extra  features often go beyond basic malware removal and can significantly bolster your digital security. These may include security tools such as virtual private network (VPN) services that let you surf the web privately. You may also find other high value options including integrated password managers that help you organize and secure your online accounts conveniently. Opting for a malware removal tool that bundles these features can be a smart move, saving you both money and the hassle of purchasing separate programs.

Customer support: In the event something goes wrong with your programs, it’s good to know there will be someone available to assist. Take the time to evaluate the customer service options provided by each program. Make sure you pay attention to the channels available for crisis communication and think about your own preferred medium (whether it's email, telephone, or live chat) and ensure the program aligns with your communication preferences. Additionally, assess customer service availability times. A malware attack doesn't wait for office hours, so consider whether the support is available 24/7, during standard business hours, or follows a different schedule.

This ensures that assistance is accessible whenever you need it. It’s worth noting that direct customer support is usually reserved for paid users. If you’re opting for a free plan, assess the availability of comprehensive FAQs, forums, and online support communities. While not as direct as personalized support, these resources can provide valuable insights and solutions to common issues, enhancing your overall experience with the malware removal tool.

Ease of use and user-friendly experience:  When it comes to choosing malware removal software, it's essential to consider the ease of use, so that you can tailor your experience to how tech savvy you, or the person you are installing the software for, may be. A user-friendly interface can make a significant difference in your overall experience. Take some time to explore the programs to see how intuitive the navigation is and ensure you can easily access the features you need. 

Alternatively, if you prefer a more hands-off approach, test if the software allows for an automatic setup that works seamlessly in the background. Integrating software into your digital security toolkit should be a hassle-free experience, and selecting a tool that aligns with your comfort level ensures smoother, more efficient protection.

How we test malware removal software

The number and severity of malware attacks are escalating each year, making them a significant concern to both business and personal users. Therefore, it is more important than ever to have comprehensive malware removal software ready for action in the event of a compromised account or device. Our mission is simple: to be your tech experts. We’re proud to be your go-to source for tech-buying advice, use, and long-term insight to help you find the best tech and get the absolute most out of it. We pride ourselves on our rigorous testing process, frequently reassessing to ensure our recommendations are constantly up to date and maintained. If you can still buy it, it's on our radar.

Our global team of experts are some of the finest technology journalists on the planet. Our editorial independence is backed by one of the world's largest technology publishers, Future Publishing, which means we can tell you what we think of a product without bias.

In testing malware removal software, we downloaded both free and paid versions to compile the best options for you to choose from. We thoroughly  check all essential factors including their speed, performance, ease of use, pricing, and customer support.

To test each malware removal software, we first set up accounts across all of the leading software platforms, whether this is a program download or an online service. 

We then test the service to see how the software could be used for different purposes and in different situations. Our aim is to push each platform as far as we can to see how useful its basic tools are as well as assess the usability of the interface. This process also allows us to compare how easy it is to utilize more advanced tools, as well as compare free and paid plan options. We also assess how well each platform scored for malware detection, ease of operation, and whether it identified any false positives.

For more information on how we reached our conclusions check out our full ‘How we test, review and rate on TechRadar’ page.

Olivia Powell
Commissioning Editor for Tech Software

Olivia joined TechRadar in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across sites including TechRadar Pro, TechRadar, Tom’s Guide, iMore, Windows Central, PC Gamer and Games Radar. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.
