



Google is once again giving malicious websites a more prominent position than legitimate pages in search results. This time, according to a Reddit user in the popular PC Master Race subreddit (via PC World), it is showing up in the results for some users searching for AMD driver downloads.

The links in question are Google’s contextually curated ad links that appear above the search results, rather than being part of the search results themselves. While we were unable to reproduce the results, we were able to confirm that the malicious website displayed in the Reddit contributor’s search results was real enough.

The site mimics the design and branding of AMD’s official website, including the use of AMD IP, with the heading “Automatically detect and install driver updates for AMD Radeon series graphics and Ryzen chipsets.” Below that is a link to download a highly suspicious .exe file.

Needless to say, we do not recommend visiting the website. Still less do we recommend downloading the .exe file.

This is not the first time something like this has happened. Last month, a phisher bought a Google ad slot to impersonate WhatsApp, while last year a fake EVGA website, created around its Memorial Day sales event, was more conspicuous than the official site on the search results page. But it’s especially disappointing to see Google linking to something that’s clearly not a legitimate website, facilitating the distribution of malware at the top of the search results page.

The malicious nature of this website should have been obvious to Google, but at a glance it is convincing enough for ordinary PC users. It is fully branded with the AMD logo, and there are also some working hyperlinks directing the user to legitimate parts of the official AMD website.


Of course, it does not stand up to further inspection, since most of the links circularly redirect to the same highly suspicious URL. But it’s not at all difficult to imagine someone landing on that page, seeing a nice “download” and firing away.

I don’t know what is malicious in the malicious .exe file. But I hope you’ll forgive me for not sacrificing my Windows installation to look into it.

