Report: malware is distributed via Google Ads at an alarming rate
Search engine ads have always seen some level of abuse by malicious actors to spread malware. An ad is placed at the top of results on Google Search and most other search engines, which means that it will get more exposure than any other link on the site.
Over the past weeks, researchers have witnessed an increase in malware campaigns that use Google Search ads. Spamhaus Technology, for example, published a report on February 2nd, 2023 on the current increase in malvertising activity. Malvertising, which stands for malware advertising, is spreading "numerous malware" by impersonating programs and brands such as Adobe Reader, GIMP, Thunderbird or Microsoft Teams.
Search ads are based on keywords most of the time. When a searcher runs an exact match keyword or a partial match, ads may be displayed based on parameters that the individual or organization selected during setup.
These ads point to web addresses. In the case of malvertising, links point to fake websites that offer downloads for the requested programs. These downloads contain malicious payloads, which are then installed on user devices when they are downloaded and run. The fake websites are made to look like the real websites, but unlike phishing sites, are not bit-by-bit copies of the originals.
Google seems to have removed the reported malvertising campaigns, but it seems likely that new campaigns will be created by malicious actors. While that requires some time for setup, as new Google Adwords accounts need to be created and new domains need to be set up, it is clear that new campaigns will make an appearance on Google Search unless Google takes action against these campaigns.
Spamhaus believes that Google could reduce the risk of malvertising campaigns by disallowing links to domains that are newly registered. Additional protections would certainly help, but malware actors may resort to buying domains on the second-hand market to use them in their campaigns.
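The domain-age check described above can also be run on the defender's side, for example in a download or proxy policy. The following is an added example, not code from Spamhaus or this article: it reads the `events` array of an RDAP domain record (RFC 9083) and treats a recent `transfer` or `reregistration` as a possible sign of a second-hand purchase. The 30-day threshold, the function names and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# RDAP event actions (RFC 9083) that mark the start of a domain's current history.
# Treating "transfer" as a hint of a second-hand sale is a heuristic assumption.
FRESH_ACTIONS = {"registration", "reregistration", "transfer"}

def parse_ts(value):
    """Parse an RDAP eventDate (RFC 3339) into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def newest_event(rdap):
    """Return (action, datetime) of the latest registration-like event, or None."""
    hits = [(e["eventAction"], parse_ts(e["eventDate"]))
            for e in rdap.get("events", [])
            if e.get("eventAction") in FRESH_ACTIONS and "eventDate" in e]
    return max(hits, key=lambda h: h[1]) if hits else None

def assess(rdap, now, min_age_days=30):
    """Classify a landing domain as 'allow', 'block' or 'review'."""
    event = newest_event(rdap)
    if event is None:
        # Unknown age is not evidence of an old domain: send to manual review.
        return ("review", "no registration data")
    action, when = event
    age_days = (now - when).days
    verdict = "block" if age_days < min_age_days else "allow"
    return (verdict, f"{action} {age_days} days ago")

# Constructed sample records (not real domains or real RDAP responses).
NOW = datetime(2023, 2, 2, tzinfo=timezone.utc)
SAMPLES = {
    "fresh": {"ldhName": "gimp-download.example", "events": [
        {"eventAction": "registration", "eventDate": "2023-01-20T10:00:00Z"}]},
    "aged_resold": {"ldhName": "old-blog.example", "events": [
        {"eventAction": "registration", "eventDate": "2015-06-01T00:00:00Z"},
        {"eventAction": "transfer", "eventDate": "2023-01-25T08:30:00Z"}]},
    "established": {"ldhName": "vendor.example", "events": [
        {"eventAction": "registration", "eventDate": "2004-03-01T00:00:00Z"},
        {"eventAction": "last changed", "eventDate": "2022-11-01T00:00:00Z"}]},
    "no_events": {"ldhName": "unknown.example"},
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, record["ldhName"], assess(record, NOW))
```

A check based on the registration date alone would pass the `aged_resold` record, which is the gap the second-hand market caveat points at.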
SentinelLabs reported an increase in malvertising as well this week.
What users may do to protect themselves
Internet users have a number of options at their disposal to improve protection against malicious advertising and malware in general.
One of the easier options is to ignore ads, especially when it comes to downloads. Google Ads are barely distinguishable from organic content, which may make it difficult for some users to spot the difference.
Certain content blockers, including uBlock Origin, block ads on search engines by default. Others need to be configured to block these ads on the search engine sites.
Another option that users have is to start using a different search engine. Most are financed through ads as well, but most are too small to be lucrative targets at the moment.
Now You: which search engine do you prefer?