Cybercriminals will always find a way to attack, and they recently discovered a new way to infect a computer using search engine ads. Google.

By creating fake sites and advertising that the page will appear in the first search results of the platform, attackers intend to deceive users.

Malware via advertising

There are already several known cases of this type of cyber-attack, in which criminals want a person to go to a page and download software that is actually a virus.

One of them is propaganda OBS (Open Broadcaster Software)which is a program for live streaming on digital platforms such as Twitch, Facebook and YouTube. When users search Google The app may appear as the first result, an ad from a fake page.

You may be interested in: This is how you can change the country of Google Play Store accounts

Without knowing it, a person enters and downloads the program in the .EXE file format, which is common for this type of process, but when cybercriminals install themselves, they manage to control some accounts, such as social networks or cryptocurrency wallets, and clone them. computer data

The scale of this attack affected the influencer NFTs in Twitterwho downloaded and installed the app from a fake ad and later reported the attack but it was too late and his cryptocurrency account was hijacked by someone and he lost his money and NFTs.

“Last night my entire digital livelihood was disrupted. All my personal and professional accounts were hacked and used to harm others. More importantly, I lost the amount of my net worth that changed my life,” Alex is reported to have said in his profile.

But this is not the only case that has been known so far. As reported by users reddit, When searching for graphics drivers AMD to download them GoogleA fake page ad appeared in the first result.

You may be interested in: Google Podcasts may migrate its services to YouTube

A situation that also happened VLCA free multimedia player developed by the VideoLAN Foundation that was embedded in a fake website, as discovered Trend MicroThis type of attack is called “Search Engine Optimization (SEO) poisoning”.

“Search engine results can be contaminated to download malicious files through SEO poisoning, and legitimate tools can perform malicious behavior because they are misused,” the researchers said.

As a paid content, the search engine ranks the fraudulent site higher than the official one, which guarantees that users can download the programs without any problems.

This situation should put users on alert, who should be very careful about where they download software onto their computers. The best option is to avoid access from the search engine, or manually type the link to the original brand page to avoid risk. In addition, companies usually do not advertise their software downloads.

This measure should be reinforced by constantly updating the computer and browser so that they have appropriate defense tools and constantly changing access passwords on other platforms.

Continue reading: