Nowadays, users are exposed to threats on the Internet practically everywhere, not only receiving fraudulent emails, but also SMS messages, WhatsApp messages, even an action as simple and direct as accessing the Google search engine is dangerous.
The research company Malwarebytes has discovered an ad in the Google search engine that offered to download the Authenticator application.
The worrying thing about this issue is that this fraudulent search engine ad was impersonating Google itself, promoting Authenticator’s services, so many people would have downloaded the malware.
So, if you tried to download the popular Google Authenticator from Google search recently, you are probably infected.
Malwarebytes
Google search engine often displays sponsored links in the top positions, so if you downloaded Google Authenticator from there in the last few days, you should be on the alert.
This malicious advertisement led users to download Authenticator clones that feature malware called DeerStealerfrom a developer verified even by Google.
Malwarebytes tested accessing this fraudulent link and found that it redirected users through several intermediary domains controlled by the attacker until they reached the fake Authenticator site.
By clicking the download button of this supposed Google Authenticator, A pop-up window appeared that downloaded malware onto the computer.
Google has confirmed that when they received the warning from MalwareBytes they removed this ad, but it is likely that there are hundreds or thousands of people infected.
According to Google, the attacker created thousands of accounts to evade detection and also modified the URL and site text using cloaking software to show Google reviewers different websites and information than what end users saw.
Malware risks
If the DeerStealer malware has been downloaded onto the victim’s computer, all of the user’s passwords and banking information are at risk.
If you remember downloading Google Authenticator these past few days through a Google search, We recommend that you delete it and run an antivirus, and change all passwords for important services such as banking..
“We prohibit ads that attempt to bypass our app by disguising the advertiser’s identity to trick users and distribute malware,” a Google spokesperson said.
“When we identify ads that violate our policies, we remove them and suspend the associated advertiser’s account as quickly as possible, as we did in this case.”
Google is still investigating this issue to prevent it from happening again in the future.
Known how we work in ComputerHoy.
Tags: Malware
Add Comment