A new malware scam has surfaced in the wild.
This particular scam will trick the victim into downloading a fake Google Chrome installer however, an infected file installs “Potentially Unwanted Programs” (PUP’s).
Google AdWords is an online advertising service that will let a customer pay Google to promote their product in a prominent slot when a particular item is searched in Google.
Attackers are paying Google to display their website at the top when items are searched. Researchers believe that Google does not scan links in the advertisement application process. According to Google, “Google Sites structured wiki- and Web page-creation tool offered by Google as part of the G Suite productivity suite.”
The main purpose of Google Sites is to allow for anyone to create a team based site where multiple users can share files. Once on the site, the victim is then tricked into downloading what appears to be Google Chrome when in reality, it is a malicious download.
The scams have been reported to Google however, the two problems are still unaddressed. Users are warned to take extra precaution when visiting an unknown site.
This is not the first time that attackers have taken advantage of Google AdWords and will not be the last.
Our Counterintelligence Team gathers information and conducts operations to identify threats to an organization so that they can better protect against malicious activity. We accomplish this by combining advanced technology with skilled and experienced intelligence specialists. Our goal is to protect your data, your brand and your people.