Think Twice Before Using Google To Download Software, Researchers Warn (arstechnica.com)
- Reference: 0170262459
- News link: https://tech.slashdot.org/story/23/02/03/2233216/think-twice-before-using-google-to-download-software-researchers-warn
- Source link: https://arstechnica.com/information-technology/2023/02/until-further-notice-think-twice-before-using-google-to-download-software/
> "Threat researchers are used to seeing a moderate flow of malvertising via Google Ads," volunteers at Spamhaus [2]wrote on Thursday. "However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not 'the norm.'"
>
> The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.
>
> On the same day that Spamhaus published its report, researchers from security firm Sentinel One [3]documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts' data and other sensitive information from infected devices. The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap.
"Until Google devises new defenses, the decoy domains and other obfuscation techniques remain an effective way to conceal the true control servers used in the rampant MalVirt and other malvertising campaigns," concludes Ars. "It's clear at the moment that malvertisers have gained the upper hand over Google's considerable might."
[1] https://arstechnica.com/information-technology/2023/02/until-further-notice-think-twice-before-using-google-to-download-software/
[2] https://www.spamhaus.com/resource-center/a-surge-of-malvertising-across-google-ads-is-distributing-dangerous-malware/
[3] https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Bad Headline (Score:3)
Think Twice Before Using Google Advertisements To Download Software
Which no one should be doing in the first place, unless you're also in the habit of clicking links in emails from random people.
Re: (Score:2)
Or my favorite: click OK on any random dialog box that appears on your screen.
Re: (Score:3)
Even shorter: Think Twice Before Using Google
Re: (Score:2)
> Think Twice Before Using Google Advertisements To Download Software
> Which no one should be doing in the first place, unless you're also in the habit of clicking links in emails from random people.
Oddly enough, I received an email from our IT security today saying a user did just that. Now the machine needs to be reimaged.
Re: (Score:2)
Some of them are insidious. Sourceforge, or what's left of it, is profoundly worse. A few old open source authors still host their content there, which I'd consider a mistake for any serious open source author. The "download this source code" pages are deliberately cluttered with adware behind "CLICK HERE!!!" buttons, and the actual software download is quite obscure.
Use VirusTotal to check ANY new software. Free. (Score:2)
Use [1]VirusTotal [virustotal.com] to check ANY new software.
VirusTotal is free. It checks uploaded files using software from many security vendors.
[1] https://www.virustotal.com/gui/home/upload
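The check this comment recommends, as an added example (not the commenter's code or VirusTotal's own): hash the download locally, look the hash up with the VirusTotal v3 file-report API, and treat anything flagged, or with too thin a scan history, as not safe to run. The endpoint URL and `x-apikey` header are the documented v3 interface; the `VT_API_KEY` variable name and the embedded JSON report are constructed for this example.

```python
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Constructed sample of a v3 file report, reduced to the fields used below.
SAMPLE_REPORT = json.loads("""{"data": {"attributes": {
  "last_analysis_stats": {"malicious": 23, "suspicious": 2,
                          "undetected": 40, "harmless": 0, "timeout": 0},
  "meaningful_name": "setup.exe"}}}""")


def sha256_of_bytes(data: bytes) -> str:
    """Hash the download locally; only the hash leaves the machine."""
    return hashlib.sha256(data).hexdigest()


def fetch_report(sha256: str, api_key: str) -> dict:
    """Look the hash up in VirusTotal. An unknown hash (HTTP 404) yields {}."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return {}
        raise


def classify(report: dict, max_flagged: int = 0, min_engines: int = 20) -> str:
    """Return 'malicious', 'unknown' or 'clean' from last_analysis_stats.

    'unknown' (no report, or few engines) is deliberately not 'clean': a
    freshly built malvertising payload has no detection history yet.
    """
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if flagged > max_flagged:
        return "malicious"
    if sum(stats.values()) < min_engines:
        return "unknown"
    return "clean"


def check_download(data: bytes, api_key: str = "") -> tuple:
    """Hash the file, query VT when a key is set, else use the sample report."""
    digest = sha256_of_bytes(data)
    report = fetch_report(digest, api_key) if api_key else SAMPLE_REPORT
    return digest, classify(report)


if __name__ == "__main__":
    print(check_download(b"constructed installer bytes", os.environ.get("VT_API_KEY", "")))
```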
That's why I search for shareware CDs (Score:2)
then use AstaLavista for the patch/crack.
very old news (Score:2)
It has always been dangerous finding software to download via google. It is nothing new.
Always been this way (Score:1)
Google ads on search aren't the only problem, they're fucking everywhere, but I've noticed you can configure nextdns to disable most ad links with tracking like Google ads. It can be a bit of a pain when there's a link with tracking you actually want to follow, but it's usually easy enough to find a different path to the destination. Combined with ad block extension, it's a bit harder to get suckered into malvertising, etc.
What is dangerous in that? (Score:3)
Who in their right mind clicks on Google ads? Any ads. Never do that. Same as never open Word documents from unknown senders or emails with weird subjects. Same as you do not lift anything up from the street and put in your mouth. Follow basic digital hygiene and most everyday threats will not affect you.
Re: (Score:3)
The problem is that, to continue your analogy, Google has taken food off the street, placed it onto the buffet next to the food from the kitchen, but with a little paper tab that says "Not edible" instead of "Orange chicken."
No, you shouldn't eat it, but that doesn't excuse Google from selling it, which is exactly what they're doing. They get paid off this.
If you let restaurants sicken people for profit, it doesn't matter if the people there are idiots. You will end up paying for their hospital bills anyway
Use a Linux distro (Score:1)
[1]Distro Watch [distrowatch.com]
[1] https://distrowatch.com/
shocker! (Score:4, Informative)
the internet is full of shitbags, news at 11
here's a fucking thought, how about people develop defenses as well? average people moved off to "apps" and "stores" a decade or more ago, meaning grandma isn't downloading winzip and bombing her PC anymore... the rest of us should know god damned better when downloading a program and the website is "softdickinformerrrer.ru" on the top of Google's shitty search
it's not like we haven't endured a decade of clicking on a download link on a legit site and the shitbag page has 90 ads with green "download now" buttons on it (looking at you UltraVNC, get your shit together already, it's not 2006 anymore)
Re: (Score:2)
> the internet is full of shitbags, news at 11
(sadly): s/internet/world/