A new malware scam has surfaced in the wild.
This particular scam will trick the victim into downloading a fake Google Chrome installer however, an infected file installs “Potentially Unwanted Programs” (PUP’s).
Google AdWords is an online advertising service that will let a customer pay Google to promote their product in a prominent slot when a particular item is searched in Google.
Attackers are paying Google to display their website at the top when items are searched. Researchers believe that Google does not scan links in the advertisement application process. According to Google, “Google Sites structured wiki- and Web page-creation tool offered by Google as part of the G Suite productivity suite.”
The main purpose of Google Sites is to allow for anyone to create a team based site where multiple users can share files. Once on the site, the victim is then tricked into downloading what appears to be Google Chrome when in reality, it is a malicious download.
The scams have been reported to Google however, the two problems are still unaddressed. Users are warned to take extra precaution when visiting an unknown site.
This is not the first time that attackers have taken advantage of Google AdWords and will not be the last.