You should think twice before clicking on ads — even on Google Search

person at desk on laptop accessing google
(Image credit: Unsplash)

In addition to cyberattacks, phishing attacks and malicious apps, cybercriminals can also abuse Google Ads to trick users into falling for their schemes.

As reported by BleepingComputer, if you searched for ‘GIMP’ on Google last week you may have seen an ad for the official website of the popular Photoshop alternative. However, this was actually a fake ad used to infect visitors with the Vidar info-stealing trojan.

Besides earning a spot among the best photo editing software, GIMP (GNU Image Manipulation Program) is also open source and can be downloaded for free. Its official website is ‘GIMP.org’, and even though the ad spotted by BleepingComputer was malicious, it displayed that correct web address.

If a user clicked on the ad (which has since been removed), they were taken to a phishing page that closely resembled GIMP’s official site. While they thought they were downloading the actual program, the fake site instead delivered a malicious file called ‘Setup.exe’ that would infect their computer with malware once installed.

Abusing Google Ads

According to a support document about Google Ads, the service lets advertisers set a display URL, which is shown in the ad, and a landing URL, which visitors are taken to after they click on the ad. In this case, the display URL was ‘GIMP.org’ while the landing URL was the fake ‘gilimp.org’. Normally, though, Google Ads requires the display and landing URLs to point to the same site.

In a Reddit post, a user pointed out that the hackers behind this campaign may have used an IDN homograph technique to make a Cyrillic spelling of GIMP’s website (xn--gmp-jhd.org) appear like the Latin ‘gimp.org’. However, this seems unlikely since ‘gilimp.org’ and another fake domain called ‘gimp.monster’ were used in the campaign. At the same time, a potential bug in Google Ad Manager could have been responsible, but that's still unknown at this time.

Regardless, hackers often buy ad space on legitimate platforms like Google Search and other search engines to launch malvertising campaigns. Worse, many of these malicious ads can launch attacks without even being clicked on.

In an email to Tom's Guide, a Google spokesperson provided further insight on the fake GIMP ads that appeared in its search engine last week, saying: “We have strict policies designed to protect people from abuse and combat fraud across our platforms, which we enforce vigorously. The ads in question were flagged by our systems and removed for policy violations.”

Malvertising vs. adware

Green skull on smartphone screen.

(Image credit: Shutterstock)

Even though they both involve advertising, malvertising and adware are actually quite different.

According to a blog post from AVG, adware is a type of malware that infects your computer or smartphone, while malvertising (malicious advertising) describes bad ads that lead you to phishing sites and other dangerous web pages. However, both hide in plain sight.

Once you install an adware app on one of your devices, you’ll start seeing ads that you normally wouldn’t encounter online. The creators of one of these apps may also hijack the ads you normally see to replace them with new ones that when clicked, earn them ad revenue.

What makes malvertising so dangerous is the fact that your device doesn’t need to be infected with malware first. This is because the malicious ads used in these campaigns are served through legitimate platforms, such as Google Search in the example above.

Either way, malvertising and adware are both threats that you need to watch out for online as you could have your passwords and other sensitive data stolen if you happen to fall victim to either.

How to stay safe from malicious ads

A man's hands type on a laptop with the words 'Ad Blocker' displayed on the screen.

(Image credit: Pinone Pantone/Shutterstock)

The easiest way to stay safe from malicious ads is to avoid clicking on ads altogether. With these fake ads for GIMP, if users had just scrolled farther down the search results they would have seen a link to GIMP’s official website. Clicking on it would have allowed them to download the actual program instead of being taken to a phishing site distributing malware.

While the ads at the top of Google Search and other search engines may be convenient, there is a small chance that they could actually be fake. This is why it makes sense to avoid them and go directly to the official site of a product or service you’re interested in instead. Likewise, you can install one of the best ad blockers to limit the amount of ads you see online.

If you do click on an ad online, you should take a close look at the domain name of the site it takes you to, to ensure it’s legitimate. Does the URL have any misspelled words, or does anything else look out of place? If so, it could be a phishing page and not a company’s official website.
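The two checks described in this article (that an ad’s display URL and landing URL belong to the same site, and that the landing domain is not a misspelling or an IDN homograph of the real one) can be automated. The script below is an added example, not code from Tom's Guide, BleepingComputer, Google or the GIMP project. It assumes a constructed allowlist of expected domains, a deliberately small table of Cyrillic letters that look like Latin ones (the real Unicode confusables list is far larger), and a simplified “last two labels” notion of the registrable domain instead of the Public Suffix List.

```python
"""Defender-side checks for ad landing pages: display/landing URL mismatch
and lookalike (IDN homograph or misspelled) domains.
Added example; not code from the article or from Google/GIMP."""
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: the site the user actually intends to reach.
EXPECTED_DOMAINS = {"gimp.org"}

# Constructed, intentionally small map of Cyrillic letters that render like
# Latin ones. Real tooling uses the full Unicode confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0458": "j", "\u04bb": "h", "\u0501": "d", "\u051b": "q",
}


def hostname_of(url_or_host: str) -> str:
    """Extract a lowercase hostname from a bare host or a full URL."""
    s = url_or_host.strip()
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(s).hostname or "").rstrip(".").lower()


def decode_idn(host: str) -> str:
    """Decode each xn-- label so lookalike letters become visible."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            labels.append(label[4:].encode("ascii").decode("punycode"))
        else:
            labels.append(label)
    return ".".join(labels)


def scripts_in(text: str) -> set:
    """Rough script detection from Unicode names (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def skeleton(text: str) -> str:
    """Replace confusable letters with their Latin lookalike, then NFKC."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    return unicodedata.normalize("NFKC", mapped)


def registrable_domain(host: str) -> str:
    """Simplified: last two labels. Real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def same_site(display_url: str, landing_url: str) -> bool:
    """The Google Ads rule the article describes: display and landing URLs
    must belong to the same site."""
    return (registrable_domain(hostname_of(display_url))
            == registrable_domain(hostname_of(landing_url)))


def inspect_hostname(url_or_host: str) -> dict:
    """Report what a defender would check before trusting a landing page."""
    host = hostname_of(url_or_host)
    shown = decode_idn(host)      # what an address bar could render
    skel = skeleton(shown)        # what a human would think they read
    trusted = registrable_domain(host) in EXPECTED_DOMAINS
    findings = []
    if shown != host:
        findings.append(f"punycode label decodes to {shown!r}")
    scripts = scripts_in(shown)
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(scripts)))
    if not trusted and registrable_domain(skel) in EXPECTED_DOMAINS:
        findings.append(f"reads like {skel!r} but is a different domain")
    if not trusted and not findings:
        findings.append("not one of the expected domains")
    return {"host": host, "shown_as": shown, "skeleton": skel,
            "trusted": trusted, "findings": findings}


if __name__ == "__main__":
    # Constructed inputs based on the domains named in the article.
    print("display/landing match:",
          same_site("GIMP.org", "https://gilimp.org/Setup.exe"))
    for candidate in ("https://www.gimp.org/downloads/",
                      "gilimp.org", "xn--gmp-jhd.org"):
        print(inspect_hostname(candidate))
```

Run as-is, the script reports the ad’s display/landing mismatch as False, marks the real site as trusted, and flags the two fakes: ‘gilimp.org’ simply as an unexpected domain, and the punycode domain as both mixed-script and a lookalike of ‘gimp.org’ (its decoded form contains the Cyrillic letter і in place of the Latin i).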

Whether or not you choose to continue clicking on ads online is up to you. However, by installing one of the best antivirus software solutions on your devices, you can help protect yourself from malicious ads and fake sites that spread malware and other viruses.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.