There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Google ads push fake Google Authenticator site installing malware | The ad displays "google.com" and "https://www.google.com" as the click URL, and the advertiser's identity is verified by Google

Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware.

In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search.

What makes the ad more convincing is that it shows ‘google.com’ and “www.google.com” as the click URL, which clearly should not be allowed when a third party creates the advertisement.

We have seen this very effective URL cloaking strategy in past malvertising campaigns, including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.

Malwarebytes noted that the advertiser’s identity is verified by Google, showing another weakness in the ad platform that threat actors abuse.

When the download is executed, it will launch the DeerStealer information-stealing malware, which steals credentials, cookies, and other information stored in your web browser.

Users looking to download software are recommended to avoid clicking on promoted results on Google Search, use an ad blocker, or bookmark the URLs of software projects they typically use.

Before downloading a file, ensure that the URL you’re on corresponds to the project’s official domain. Also, always scan downloaded files with an up-to-date AV tool before executing.

flop_leash_973 ,

This kind of shit is why Googles (and anyone else that tries it as well) ever increasing push to put a layer of ads into anything is so off putting to me. Sure ads are annoying, but they are also probably second only to social engineering as the method for someones device and accounts getting compromised.

I personally will not go back to the days where just the act of visiting a website and clicking on nothing has a good chance of loading some Javascript and infecting my browser or whole device with the drive by malware of the day because the shit heads that run the site are to lazy to vet what they are letting their site call out too and the third party ad networks are to lazy to vet what sorts of things they are allowing their ad networks to serve.

_haha_oh_wow_ ,
@_haha_oh_wow_@sh.itjust.works avatar

“WhY aRe PeOpLe bLoCkInG aDs!?”

-Google

BurningnnTree ,

I’m confused, does this mean that an ad can show the URL “google.com” even though clicking on it will take you to a different URL? Why doesn’t Google just make it so that the ad shows the actual URL that the ad links to?

Ghoelian ,

That’s actually pretty simple to do. I don’t know if this is how they did it, but one way is just creating an <a> tag with the href to google.com. that’ll show the destination if you hover over it. Then you just add an event listener to the click event, prevent the default event from executing, and manually redirect somewhere else.

Made a quick example: codepen.io/Ghoelian/pen/poXeOyo

catloaf ,

Yes, but ads shouldn’t have that level of control. They should provide an image or video and a link.

paraphrand ,

Google.com isn’t at the top of the banned words list?

helenslunch ,
@helenslunch@feddit.nl avatar

At Google’s pace they’ll probably fix this in 10 years or so.

trashgirlfriend ,

As a p1 bug it will likely be looked at by someone within the next 1-2 years

kevincox ,
@kevincox@lemmy.ml avatar

Allowing showing different domains than the actual click target is wildly reckless and should be punishable.

“Oh but our poor advertisers want to use click tracking and it is too hard to set up on their main domain”. Oh boo hoo, I’m sure if it is important to them they will figure it out.

trashgirlfriend ,

I worked for Google Ads support for a while and even this dumbed down system completely stumped so many fucking people.

God I hate advertising and advertisers so much.

These useless fucking cunts wanted every feature imaginable, setup for free, with no effort of research done from them.

That job made me hate taxi drivers so much.

uninvitedguest ,
@uninvitedguest@lemmy.ca avatar

What do taxi drivers have to do with it?

Telorand ,

The ad blocking will continue until malvertisement prevention improves.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •