I tried to warn you last year about clicking on Google Ads in search results but it appears those warnings have gone unheeded as hackers are still using malicious ads to infect unsuspecting users with malware.
Malvertising or malicious advertising has become increasingly popular among cybercriminals as phishing attacks and bad apps just aren’t as effective as they used to be. Instead, hackers are now buying ad space on Google Search and other search engines as a means to trick users into installing malware.
One of the ways in which they do this is by impersonating popular brands. So far, we’ve seen hackers impersonating Amazon, USPS, CCleaner, Notepad++ and other household names. However, Facebook and Microsoft have remained the most impersonated brands since 2020 according to a report from the email security firm Vade.
Now though, it appears that hackers have started impersonating a popular PC tool used by both PC enthusiasts and gamers. If you just got a new gaming laptop in an early Black Friday sale or finished building your first PC, you’re going to want to be especially careful when searching for this extremely useful utility online.
Impersonating a popular PC tool
As reported by The Hacker News and discovered by the cybersecurity firm Malwarebytes, the tool in question is CPU-Z and it’s used to quickly find information about your processor, motherboard, RAM, graphics card and more.
While you can download it here directly from CPUID, hackers are now preying on PC users that don’t bother scrolling further down in search results. You see, Google and other search engines place ads at the top of their search results to earn revenue. Although most of these ads are harmless, hackers have begun weaponizing them in their attacks.
In this new campaign, unsuspecting PC users that click on an ad like the one seen above are taken to a fake download portal that appears legitimate to the untrained eye. However, instead of CPU-Z, the site contains a digitally signed MSIX installer that contains a malicious PowerShell script for a loader known as FakeBat.
As their name suggests, malware loaders are used to infect your computer with malicious software and they work in a similar way to malware droppers on your smartphone. Once installed on a targeted PC, this loader downloads and installs the Redline stealer. This malware is capable of stealing a victim’s personal data including their browser history, browser cookies, saved browser passwords, credit cards, VPN passwords, system information and cryptocurrency wallets.
One other interesting thing about this campaign is not all users that click on these malicious ads for CPU-Z are taken to a fake download portal. Instead, those who aren’t being targeted are taken to what appears to be a standard blog with a number of articles on it.
How to stay safe from malicious ads
The internet and online ads go hand in hand but to stay safe from malicious ads, you’re going to need to change your browsing and shopping habits.
Since hackers can pose as legitimate businesses and buy ads on any site or search engine, your best bet is to avoid clicking on ads altogether or at least until Google and other tech giants figure out a way to nip this problem in the bud once and for all.
So for instance, let’s say you want to download reWASD to customize one of the best PC game controllers. Instead of clicking on the first search result you see, you’re going to want to scroll down past all of the ads and sponsored results to find the actual program you’re looking for. Another good way to avoid malicious ads is by going to a company’s website directly as opposed to just searching for the software or product you’re interested in.
At the same time, you may also want to consider using an ad blocker for browsing the web, even if YouTube is currently cracking down on them. If you can't see ads, you're going to be way less likely to click on them.
Besides changing your browsing and shopping habits, installing one of the best antivirus software solutions on your computer can help you stay safe from malware and other attacks that can occur when you click on a malicious ad. Likewise, the best identity theft protection services can help you recover stolen funds and your identity if you do happen to fall victim to fraud.
The tactics used by hackers and other cybercriminals are constantly evolving as people become wise to their schemes. While malicious ads are popular now because they work, once more people become aware of them, we’ll likely see hackers pivot to a new, lesser known attack method.