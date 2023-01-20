



We’re seeing more and more worrisome phenomena on the web right now, such as scammers buying Google’s top advertising spots to spread their malicious code. The malware often masquerades as a well-known app like WhatsApp and blends seamlessly with harmless ads. If you don’t know the exact URL of the app you’re trying to download, you could end up downloading something harmful.

We have watched phishing tactics evolve over the years. Buying ads to masquerade as free and open source apps is not new for scammers, but it seems to be on the rise with the trend of investing in NFTs and cryptocurrencies. It’s happening all over the internet.

If there’s a billion-dollar phishing scam, they’re definitely targeting that area. In fact, just this week, NFT God’s “whole digital life” dried up after he clicked an official-looking OBS link.

Even hardware manufacturers are exposed to this kind of imitation, such as fake AMD driver download links found on Google. Miller’s EVGA site was also discovered on Google late last year.

Bleeping Computer investigated the incident and found that phishing scams occupied a disturbing number of the top Google ads, one of which was in fact flagged by antivirus products. It turned out to be only part.

Among them is a fake link for the bootable USB flash drive creation tool Rufus at the top of Google, rounded out with the word “pro” to make the link more attractive to potential victims. Clicking on the link takes you to a compressed file download hidden behind a seemingly secure file transfer service. This is known as a zip bomb or decompression bomb, and it is one of the more difficult tactics to detect.

Scammers have also been found to use something called typosquatting. In the case of “notepad-plus-plus.com”, it was close enough to the expected URL that many would not suspect it to be malicious.

Scammers are also sometimes hidden behind seemingly legitimate tech companies, as in the case of 7-ZIP, WinRAR, and VLC, which were found on sites full of malicious links impersonating the Indian web design firm known as Zensoft Tech.

“As part of these verification programs, Google makes best efforts to review and verify information provided by advertisers. Activity.”

Google’s own policy on ad network abuse makes clear that “computer viruses, ransomware, worms, Trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software and other malicious programs and apps” are not allowed to be linked through advertising. This refers to both “advertisements and software hosted or linked to by the Site or App.”

However, “Violation of this policy will not result in immediate account suspension without prior warning. A warning will be issued at least seven days prior to account suspension.” I think it’s to give a hacked site a chance to get its URL back if it becomes a victim.

Despite calls for social media companies to be more responsible for the content posted on their sites, web users have reacted to Google’s somewhat disrespectful attitude. It won’t hold up for long.

