Malvertising campaigns that abuse Google Ads are becoming more prevalent. Although the method of persuading internet users to download malware by clicking on seemingly legitimate advertisements is not new, it has gained popularity as malware has become more sophisticated, and valuable credentials have been captured as a result. Security experts advise care when clicking on the ads at the top of the search engine’s results page.


At the moment, cybercriminals are using Google to distribute malware through countless imitation ads. The Rhadamanthys malware is being disseminated through phony advertisements for OBS, a streaming software package. Since then, security experts have discovered a number of further ongoing malvertising schemes that use counterfeit advertisements for products like AnyDesk, a platform used by IT teams to troubleshoot user issues remotely.


Successful attacks can have serious repercussions. After clicking on a fraudulent phishing link while attempting to download OBS, a Twitter user going by the handle @NFTGod claims to have lost a “life-altering” sum of money as a result of an “instantly violating and final” attack.


Modus Operandi


The hackers appear to be utilizing both ad hijacking and SEO poisoning, a practice whereby criminals modify their advertisements’ search engine optimization in order to elevate them to the top of the Google search results page.


When a user clicks a fake link, the cybercriminals can install their malware on the victim’s computer. Malware-as-a-service offerings, which are increasingly available for sale and increasingly sophisticated, let even low-skilled hackers obtain credentials and sell them on the dark web.


Although the methodology is neither novel nor unusual in terms of malvertising, its popularity is growing as payload sophistication rises.


The businesses impersonated in these deceptive advertising campaigns are typically ones that provide free business tools. The past use of YouTube in malicious advertising efforts shows that large firms can also be targeted. To boost their chances of attracting a victim on websites like YouTube, hackers may add an additional layer of obfuscation, such as domain cloaking.


According to an analysis from ad-tech company PubLift, one in every 100 web advertisements carries harmful content. In order to defend against these potentially debilitating malvertising attacks, legitimate websites “need to stay on top of the dangers on both the supply and demand side,” according to the report.


The value of stolen credentials is rising, enhancing the allure of malvertising for criminals. According to a report by Accenture’s cyber threat intelligence team, Russian Market, one of the well-known credentials marketplaces, was selling victim data for an average price of $10 per log. Between July and October 2022, the overall number of logs for sale in this market increased by almost 40%, from about 3.3 million to 4.5 million.


Can Google Ads Be Trusted?

According to Higgins, the trend will continue to be driven by the increasing sophistication of malware. The author claims that cybercriminals are attracted by the fact that some off-the-shelf code can extract so much information from their victims, because it spares them from having to do any heavy lifting. This trend will only increase as criminal opportunities, such as installing executable programs and collecting crypto credentials, become more prevalent.

However, according to Javvad Malik, chief security awareness advocate at KnowBe4, Google is expected to take steps to discourage hackers from using the top of its search page for their malicious advertising campaigns. He claims that “the world of cyber is very much a cat and mouse game.” “As one door closes, crooks will seek to take advantage of another one.” Google is therefore expected to act swiftly to address this gap that is being used to distribute malware-laced adverts.


Humanity’s ever-increasing dependence on the internet is promising yet alarming. A severe lack of digital awareness is the biggest concern and needs proper attention. Civil society organizations and corporate giants can play a critical role in educating laymen about the proper and safe use of the internet, along with the significance of cyber hygiene, which is easily overlooked.




Author: Mr. Shrey Madaan, Junior Consultant, CyberPeace Foundation
