Google Adwords, the advertising platform of the search engine giant, is being abused by scammers who want to transmit malware to users in search of genuine and popular applications.

Although Google’s security procedures are normally rather effective, experts discovered that they may be circumvented.

Simple software clones would be infected with a data stealer in this campaign. Targets may include Grammarly, MSI Afterburner, Slack, and others. In this situation, the attackers were using the IceID malware loader and the Raccoon Stealer malware. Next, they’d set up a landing website from which victims could access the malicious software distribution channels. These sites mimic the appearance and feel of authentic ones.

How to Fool Google

The next step would be to make a Google Adwords ad. This would ensure that the advertisements would appear in multiple locations anytime someone searched for these shows or other related terms (including the top positions on the Google search engine results page).

Google’s algorithm is rather adept at identifying harmful websites that distribute malware. As a second layer of defence, the attackers would construct a seemingly innocuous landing page that the ad would direct users to.

Visitors to the page would be forcibly redirected to a malicious domain.

While it’s fairly uncommon for malware to be spread by cyberattack operations that use seemingly genuine software, researchers have had a hard time figuring out how to actually direct victims to the malicious websites. After discovering a massive effort involving over 200 bogus names in late October, researchers have only just now learned how the domains were promoted.

It is reasonable to assume that Google will immediately end the effort now that the scheme has been exposed.

The criminals were also posing as the following applications: Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave.