
Fake Google ads used to lure victims to malware-rigged Signal, Telegram websites


Cybercriminals are using malicious Google Ads and web pages to lure unsuspecting users into downloading and executing information-stealing malware.

Cybersecurity experts at eSentire have shared details about this new campaign, which places Google Ads that take users to a fraudulently replicated download page for secure chat applications, such as Signal.

Instead of the installer for the legitimate app, the download link on the fake page pushes AutoIt scripts, which then deploy Redline Stealer, one of the most popular pieces of information-stealing malware.

“They [threat actors] are spending money to purchase Google ads (although they could be using stolen credit cards to purchase the ad space), and they have spent time creating believable ads and almost exact replicas of the download pages for some of the most popular secure chat applications,” said Spence Hutchinson, Manager of Threat Intelligence for eSentire. 

Drive-by-Download campaigns

The company also suggests that stolen information is either sold on the dark web or directly used in further intrusions and fraud campaigns. 

During its breakdown of the campaign, eSentire notes that not only have these drive-by-download campaigns become the most popular threat vector, they are also increasingly poisoning Google’s search results.

In addition to the current campaign, eSentire also shares details about previous campaigns that lure users with fake Google ads for business productivity tools such as remote desktop software like AnyDesk, file hosting services like Dropbox, and the Telegram messenger.

“Corporate internal security teams and external security teams need to make sure employees are very aware of the different tactics threat actors are using to lure them to malicious web pages, malicious ads and malicious documents,” warns eSentire in its advisory against the new campaign.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.