Malware Delivered through Google Search – Schneier on Security

Malware Delivered through Google Search

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently.

The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.

[…]

It’s clear that despite all the progress Google has made filtering malicious sites out of returned ads and search results over the past couple decades, criminals have found ways to strike back. These criminals excel at finding the latest techniques to counter the filtering. As soon as Google devises a way to block them, the criminals figure out new ways to circumvent those protections.

Sidebar photo of Bruce Schneier by Joe MacInnis.
