Here is another reason why you should never click on ads to download software

Martin Brinkmann
Aug 2, 2024
Google, Search

Imagine the following scenario. You want to download Google Authenticator, run a search on Google for the company's application, and click on the first link that appears.

The link looks good even though it is listed as sponsored. It shows Google's official site as the URL. When you check the advertiser, which you can do on Google Search, you get confirmation that Google has verified the advertiser's identity.

All good then? Not in the aforementioned case. If you had downloaded the linked app, you would have installed a malware-infested Authenticator application on your device. The application, which even came with a valid signature according to reports, installed the DeerStealer information-stealing malware on Windows devices.

Not the first case, likely not the last

Threat actors have managed to overcome the security systems of advertising companies such as Google numerous times in the past to plant malware ads on Google Search and elsewhere. We have reported on this numerous times already, for example here or here.

Just last year, it was reported that malware was distributed via Google Ads at an alarming rate. The situation has not improved.

These are often made to look like the legitimate product, and it is very difficult for the user to determine that they are not.

In the above case, everything checked out at first glance:

  • Correct Google Domain listed.
  • Google verified the advertiser.
  • App is signed.

Bleeping Computer asked Google about the impersonation of legitimate companies and people, and Google stated that threat actors are evading detection by creating thousands of accounts simultaneously and using text manipulation and cloaking to show reviewers and automated systems different websites than a regular visitor would see.

In other words, Google admits that it cannot protect users from malicious ads 100% of the time. While it boasts that it has removed "3.4 billion ads" and suspended "5.6 million advertiser accounts" in 2023, it still has not found a way to detect all malicious ads and advertisers on Google Search.

Sponsored links are not to be trusted

Any link in Search that is listed as sponsored or an ad should not be trusted, especially when it comes to downloading software or making financial transactions. This is the only conclusion that users should draw from that statement.

Threat actors have abused search ads one too many times for them to be trusted. Usually, all it takes is to scroll down a bit more until you find the first organic search results. There you should find the official website listing of the product.

What about you? Do you click on ads or sponsored results sometimes? What is your takeaway from the recent malicious advertising campaign? Feel free to leave a comment down below.


Comments

  1. TelV said on August 6, 2024 at 9:08 am
    Reply

    In addition to all the above woes I note from The Register that we’re going to be minus one more CA (Certificate Authority) soon. Mozilla intends to follow Google and distrust Entrust.com in November according to their site: https://www.theregister.com/2024/08/01/mozilla_entrust/

  2. vanp said on August 5, 2024 at 5:51 am
    Reply

    Are ads on this site one zillion %, positively, undeniably, provably, physically-impossible-to-be-unsafe safe? Just askin’.

  3. Andy Prough said on August 5, 2024 at 4:36 am
    Reply

    >”Threat actors have managed to overcome the security systems of advertising companies such as Google”

    Martin, by this I assume you really mean, “Google happily sells ad space to malware creators, even for advertising malware-infested versions of Google’s own products. Anything to make another trillion dollars or so.”

  4. pHROZEN gHOST said on August 4, 2024 at 2:34 pm
    Reply

    Beware of “sponsored” posts on social media too.

  5. John G. said on August 4, 2024 at 12:20 pm
    Reply

    Hello Martin, I have applied one optional update of July for W11 and now I see a useless greyed out icon named “Continue from Phone” at startup. Probably this update will be the same for the second Tuesday of August, so please it could be a good idea an article on how to uninstall this icon or furthermore the entire app if possible. Thank you in advance! :]

    1. boris said on August 4, 2024 at 5:41 pm
      Reply

      Look for the program called “O&O AppBuster”. It can uninstall most non-essential Microsoft apps.

    2. VioletMoon said on August 4, 2024 at 4:13 pm
      Reply

      Could help to know the Update Name/Number, but if a Restore Point was made [or better yet a full image system backup] before installing any update from MS [or any program], then the problem is solved.

      May help–

      https://www.windowslatest.com/2024/06/30/windows-11-23h2-update-tests-a-continue-from-phone-feature-for-android/

  6. cams1303 said on August 4, 2024 at 5:57 am
    Reply

    “it still has not found a way to detect all malicious ads and advertisers on Google Search.” How hard can it be for google to block any links in its sponsored ads that the domains are less than say 30 days old. Take the advertisers money typically from stolen CC info and refuse to refund if links are new. By the time 30 or more days are past these phishing domains have likely been taken down.

    Or if the ad links domain are under say 30 days then use some of that AI to check if they are legit or scams.

    Or just take the money and delete them when there is a complaint hence participating in the actual scam. Google long since dumped the “don’t be evil” from its code of conduct.

  7. 11r20 said on August 3, 2024 at 7:57 pm
    Reply

    Lots of malicious activity and abuse right now…from the FANG’s, Content Providers and Hackers.

    Lately I’ve caught a ‘few’ abusive IP’s “Always on Startup” as well as some abusive Stateside & Canadian-Cloudflare IP’s on my Win7’s NetLimiter-4-Pro.

    I’ve blocked all malicious IP’s, including malicious Microsoft-edge IP’s I’ve caught on “Startup”, by adding them to the Win7-Firewall and add the same, one at a time to a Blackbird Firewall/blocker as well as the Router.[Not much edge-action anymore since No More Crazy-Updates] Everything’s Quiet

    Still runnin a clean and lean FF-51 with a fresh user-agent + Noscript + uBlock-O…Also using the latest Palemoon. Everything is Beautiful.

    Gonna listen to the latest TWIT-Cast later today @ “” https://www.grc.com/securitynow.htm “”

    Stay safe ((Back to the Future Baby))

  8. John said on August 3, 2024 at 5:19 pm
    Reply

    Always download anything from the source and not some link. I assume anymore any of these links are not to be trusted. So much crap going on you cannot trust anything that you cannot verify the origins of.

  9. Hank in Tennessee said on August 3, 2024 at 3:35 pm
    Reply

    Hi Martin,

    Hey, did you see Startpage has a new mobile app?

    I’d love to hear your take on it!

    As well as all our other gHackers!

    So, now you, does Martin Brinkmann use the Startpage app? :o)

    https://app.startpage.com/

  10. Tom Hawack said on August 3, 2024 at 11:49 am
    Reply

    Whatever the search engine I use among the 14 I’ve bookmarked, I never encounter a sponsored link, mainly thanks to ‘uBlock Origin’. But should I that I’d NEVER download software via a sponsored link. Not only that, but I download & update software from the developer’s page, even if I trust the software portal sites that I visit : no developer’s page? No download. If I ever happen to wonder if I’m overdoing it then this article would remind me that I’m doing right (at least with sponsored links).
    Also, when searching on the Web for specific software one may encounter links that propose to download a free version of an otherwise paid software : NEVER as well :)
    Lastly : I avoid Google Search as I avoid, blacklist, boycott all of Google.

    1. Allwynd said on August 4, 2024 at 5:43 am
      Reply

      If you boycott Google, how do you use an Android?

      1. Anonymous said on November 25, 2024 at 12:04 pm
        Reply

        ???

      2. Anonymous said on August 6, 2024 at 2:29 pm
        Reply

        @Allwynd the most important thing is to not use Brave cryptominer.

      3. upp said on August 4, 2024 at 8:37 pm
        Reply

        @Allwynd Don’t you even know that you can use custom ROMs ?

      4. Tom Hawack said on August 4, 2024 at 10:12 am
        Reply

        @Allwynd, I should have mentioned my environment : PC. No idea how I’d manage my blocklists, my various blocking policies on a smartphone given I use none (only a basic mobile for phone/sms). I don’t like smartphones, I dislike what they imply, the way the world is moving around them.

  11. Sebas said on August 3, 2024 at 8:31 am
    Reply

    Speaking about Ads: Firefox with Youtube and uBlock Origin: all over the place. Edge + YT + uBlock Origin Lite: none. ???

  12. dumlat said on August 3, 2024 at 8:09 am
    Reply

    Looks to me one more reason to stay away from anything that has anything to do with advertisement. Google or otherwise. Just because we get used to it doesn’t mean it should be there. It should not.

  13. G00gle_Domination said on August 3, 2024 at 6:17 am
    Reply

    With google slowly killing adblockers on their platform….

    Not surprised in mass spread of google hosted ads containing malware, adwares, virus, ransomware, etc. happens.

  14. John G. said on August 2, 2024 at 10:17 pm
    Reply

    All browsers, and I meant ALL browsers, should advise the user that there is an ad in one link, using colors, some kind of emoji list or any other way. ALL browsers should and ought to make clear that a link can give you some troubles because those links are some kind of ads or even non trusted ads at all. Just move towards a clean browsing please! Thanks for the article! :]

    1. VioletMoon said on August 4, 2024 at 4:21 pm
      Reply

      “ALL browsers should and ought to make clear that a link can give you some troubles because those links are some kind of ads or even non-trusted ads at all.”

      Or one can safely assume links in general can and will lead to problems and avoid, if at all possible, clicking on links. At some point, the user must assume full responsibility for everything going on–whether it’s an update [and updates aren’t paused] or a link on a site.

      Maybe try making a Restore Point [create a Task] at every log in and before any use of the computer.

      No, not ripping on you . . .

  15. Carl said on August 2, 2024 at 9:59 pm
    Reply

    Just as I opened this article, it threw a full screen ad at me with a giant “Download Now” button. This is a fresh install of Windows and browsers, so it definitely came from ghacks. Maybe you should clean up your own ads if you are going to have an article about “Download Now” ads being unsafe.

    1. TelV said on August 3, 2024 at 12:17 pm
      Reply

      @ Carl,

      Ghacks’ editor is still Martin Brinkmann, but the site owner is Softpedia now. They decide which ads appear on the site not Martin. Installing uBlock Origin with the respective filters enabled should take care of ads which would otherwise appear, or at least they do for me.

      1. Tom Hawack said on August 3, 2024 at 7:38 pm
        Reply

        I guess you meant Softonic, not Softpedia …

      2. TelV said on August 6, 2024 at 8:59 am
        Reply

        @ Tom Hawack,

        Yes, you’re right about that Tom. Apologies for the error.

  16. Spamware said on August 2, 2024 at 5:23 pm
    Reply

    Year 2024 and a tech related blog warns about spyware via ad links…. did everyone upgrade to windows XP already?

    1. pHROZEN gHOST said on August 4, 2024 at 2:42 pm
      Reply

      Windows 3.1!!!

  17. Tachy said on August 2, 2024 at 5:08 pm
    Reply

    I don’t see ‘sponsored results’ when I run a search on my pc where I use non javascript duckduckgo.

    I don’t see ‘sponsored results’ on my android phone either. I use the same search engine in the Adblock Browser.
