You can’t always trust what you see on the internet, even when you’re on a reputable website. At least, not when advertising is involved. Hackers buy ads and use them to trick unsuspecting individuals into downloading malicious software. This ploy has come up again and again—and most recently, it targeted Google’s own products.
As reported by Bleeping Computer, Malwarebytes discovered the use of Google’s sponsored search engine ads to spread shady downloads for Google Authenticator. The app generates two-factor authentication codes, a common method to bolster password security.
The format of Google’s text advertisements allows bad actors to display legitimate web addresses (like www.google.com) while directing users to fake sites with malware. Such software can be used for a number of purposes, including spying on users and stealing potentially sensitive information.
Google has since removed the phony Google Authenticator ad from its results. Similar malvertising campaigns have been previously discovered targeting AMD, Bitwarden, and KeePass users, among many other products and services.
You can read more about the technical details of how this advertisement spread its malware in Bleeping Computer, but to steer clear of sponsored ads, you can try these tips:
- Check for an ad label.
- Scroll down the list of search results. Text ads for legitimate websites usually appear again as normal search results, and often within the top five. Use the link that shows up further down the page.
- Click the three-dot icon next to a search result and check the identity of the website source.
- Install an ad-blocking extension like uBlock Origin, which will hide sponsored text ads.
- Use antivirus software that will block phony sites.
Incidentally, don’t underestimate how helpful a good antivirus program can be—these days, it can be the last thing that stands between you and online dangers out of your control.