January 19, 2023
By Sharan Kaur Phillora
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products.
One such case that recently came to light involved a crypto wallet linked to an NFT influencer, who had a “life-changing amount” of their net worth in NFTs drained by malicious actors after downloading software found via a Google Ad search result.
Here’s what we know:
Known to the crypto world as “NFT God” aka Alex, this pseudo-anonymous influencer took to Twitter and shared tweets claiming his “entire digital livelihood” came under attack.
He says he meant to download OBS, an open-source video streaming software. But the sponsored advertisement for the software, which he found through a Google Search, led to a Trojan download.
After two hours, he saw a series of phishing tweets posted by the attackers on two Twitter accounts that Alex operates. He then noticed his crypto wallet had also been drained. But that’s not all. The attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.
This is an alarming case as it shows how attackers are using sponsored Google Ads to spread malware and phishing links. It also highlights the importance of being vigilant when it comes to downloading software from search results.
One good way to block these campaigns is to activate an ad-blocker on your web browser, which filters out promoted results from Google Search.
Another precaution would be to scroll down until you see the official domain of the software project you’re looking for. If unsure, the official domain is listed on the software’s Wikipedia page.
If you visit the website of a particular software project frequently to source updates, it’s better to bookmark the URL and use that for direct access.
A common sign that the installer you’re about to download might be malicious is an abnormal file size.
Another clear giveaway of foul play is the domain of the download site, which may resemble the official one but have swapped characters in the name or a single wrong letter, a practice known as “typosquatting.”
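The lookalike-domain check described above can be automated. The following is an added example, not part of the original article: it compares a download URL's host against a list of official domains and flags hosts that are only a swapped pair of characters or a wrong letter away. The domain `videotool.example` is a hypothetical placeholder on a reserved TLD, and the function names and the distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains you bookmarked from the project's official page.
# "videotool.example" is a constructed placeholder, not a real site.
OFFICIAL_DOMAINS = {"videotool.example"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("oe" typed as "eo") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify_download_url(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for official in OFFICIAL_DOMAINS:
        # Exact match or a subdomain of the official domain.
        if host == official or host.endswith("." + official):
            return "official"
    for official in OFFICIAL_DOMAINS:
        # Close but not equal: the typosquatting pattern.
        if osa_distance(host, official) <= max_distance:
            return "lookalike"
    # Not on the list and not a near miss; still not a trusted source.
    return "unknown"
```

Only a result of `official` means the host matches the bookmarked domain; both `lookalike` and `unknown` mean the download should not be trusted on the strength of the URL.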
About the author
Sharan Kaur Phillora’s thirst for knowledge has led her to study many different subjects, including NFTs and Blockchain technology – two emerging technologies that will change how we interact with each other in the future. When she isn’t exploring a new idea or concept, she enjoys reading literary masterpieces.