From PC Mag: Multiple cybersecurity firms reported this week that Google Search ads for what appears to be a Google authenticator actually lead to a download for "DeerStealer" malware. This authenticator was not made by Google, but by an unknown threat actor trying to swipe victims' personal information.
In this case, though, Google's ad settings helped make the fake ads look more convincing. The URL to the malware appeared as "https://www.google.com." Google's site also showed that the advertiser who posted the malware had their identity "verified by Google." The advertiser's location showed that they were based in the US, and the description snippet of the ad itself contained the text: "Official Website."
Unfortunately, this has happened before, as MalwareBytes points out with the convincing—but fake and malicious—Amazon ads that surfaced on Google Search last year.
View: Full Article
