The FBI warns that threat actors are using search engine ads to advertise websites that distribute ransomware and steal login credentials for crypto exchanges and financial institutions.
In an announcement today, the federal law enforcement agency stated that threat actors buy advertisements imitating legitimate businesses and services. These advertisements appear on the first page of search results, and they link to websites that look identical to the site of the impersonated company.
The FBI warned that these advertisements appear in search results when a user searches for the business or service, with little distinction between them and actual search results.
These advertisements lead to a page that is identical to the official website of the impersonated company.
The FBI states that when a user searches for software, the advertisements link to sites that offer download links for it.
The FBI also warns about phishing websites that impersonate financial platforms, specifically cryptocurrency exchange platforms, and ask visitors for their credentials.
These phishing websites steal the credentials as soon as they are entered. Threat actors can then sell the stolen credentials or use them to steal money.
BleepingComputer helped expose a to impersonate software projects, cryptocurrency exchanges and wallet platforms in order to push Windows and Android malware.
Earlier in the year, a site was found to have used malvertising to drop the Vidar information stealer on unsuspecting users.
These advertisements promoted the gimp.org site, but they actually redirected people to malware-laden sites.
Example of how tricky malicious ads can be (Morphisec)
In another case from March 2022, the Mars stealer was spread through Google Ads that advertised a malicious OpenOffice lookalike site.
Recent disclosures by the SANS ISC revealed a campaign conducted via Google Search, in which IcedID malware was dropped in place of popular remote desktop apps.
Protect yourself
When searching online for something, the most important precaution is to not click on any of the promoted results.
It is better to ignore the promoted ads in the top results for a search term and instead scroll down to find the official site's search result.
The FBI warns that although search engine ads are not malicious in themselves, you should exercise caution when visiting a website via an advertisement link.
Additionally, checking the URL may not always help. Threat actors can create ads that display a valid URL but redirect the user to fake sites.
A second recommendation is to install an ad blocker, which filters out the promoted results from Google Search.
For a site you visit frequently, it is better to bookmark its URL than to search for it each time.