



There have been reports of counterfeit goods being pushed through sponsored ads on Google Search.

At the moment, there is a big movement in the world of deceptive advertising, with multiple forms of fake websites being used as bait to steal login credentials and funds from users.

The story first surfaced a few days ago, with news that a well-known cryptocurrency fan, the “NFT God,” was caught in a fake video recording tool.

NFT God lost almost all of his digitally amassed assets after a malicious executable stole his login credentials and switched his digital wallet details. He landed on this fake video editing tool thanks to a fraudulent sponsored ad that appeared at the top of Google search results.

Once the file was installed, it was set to send all relevant login details back to the base, causing the damage. The impact continued as various logins were compromised and phishing attempts were sent to his 16,000 or so Substack followers.

Fraudulent Ads: Following the Trend

Following this high-profile hijacking story in the cryptocurrency world, Bleeping Computer conducted its own research and discovered that there are many more malicious ads trying to get their attention on Google. It’s not just his fake OBS file that you have to watch out for. A USB boot tool, a PC maintenance tool, multiple unnamed programs, and a malicious Notepad++ spotted by security researcher Will Dormann are just a few of the highlights on display. In fact, several other researchers have also found their own bad ad equivalent that has allowed them to compile a list of over 70 bad ad domains.

The sites used for these scams are typically typosquatting. This is where URLs that look like the real thing but are not identical are used as starting points for malicious downloads. These sites tend to cut out parts of the real site, if not the entire domain, to make it look as convincing as possible. Make sure many clickable URLs in the portal point to the real thing. Whatever it takes to make it look as convincing as possible.

If the fake site is out but not down

Google told Bleeping Computer that the site in question has been removed from its advertising program. This does not necessarily mean that the site has gone offline, it could be waiting for an attack elsewhere. It may easily appear in the normal results of another search engine or be placed in advertising programs of search engines not affiliated with Google.

This also does not mean that all deceptive sites have been removed from search results lists, and caution should always be exercised when advertising is involved.

How do you avoid malicious ads?

It wasn’t long ago that the FBI warned against deceptive ads appearing in search engine results. That warning also included a mention of ad blocking. This may not have been expected by some people to appear in his FBI release.

Advice for avoiding fraudulent ads may include some best practices you already know and use. In an ideal world, you wouldn’t have to worry about such things, but despite the quality control and ad inventory checks in place on major search engines, this keeps happening anyway. In consideration of:

You should have the URL you want. It’s a bit of a rarity that most people are completely unaware of the canonical URLs of major brands, services, products, etc. Your first interaction with this entity will almost certainly result in the real URL being printed on banners, boxes, instruction manuals, and anything else you want to mention. No need to hunt around in search engines, in this case it will take you directly to the site. Search carefully. If you absolutely must go find it, cross-reference the URLs displayed by search engines in your own search. If it’s legitimate, it should be referenced by many people and companies. Report bad ads. If a sponsored ad isn’t working for you, there should be a way to report it from the search engine that found it. You’re doing your part to make sure the next person who comes along stays safe! A prickly blocking problem. If you choose to block ads, please note that the method of blocking may impair the functionality of the site you are visiting. Some sites will ask you to turn off your ad blocker. Using script blocks or disabling JavaScript may break other features. It means “I just started working” rather than “I’m done”.

Don’t just report threats, remove them

Cybersecurity risks shouldn’t spread beyond headlines. Download Malwarebytes now to keep threats away from your device.

Sources 1/ https://Google.com/ 2/ https://www.malwarebytes.com/blog/news/2023/01/rogue-sites-causing-trouble-in-google-advert-results The mention sources can contact us to remove/changing this article

