Threat actors hijack Google Ads to target password managers

February 8, 2023

A newly emerged malvertising campaign has abused Google Ads to compromise users who search for password managers online. Malicious entities have continuously increased their campaigns through the Google Ads platform to attack unaware users.

These threat groups deceived users by redirecting them to fake websites and spreading malware. Last month, the FBI issued a notice about the surge of attacks from hackers who spoofed the websites of financial organisations to trick users into giving up their credentials and financial details.

 

Google Ads abusers target users looking for specific password managers.

 

According to investigations, the threat actors who have abused Google Ads are currently targeting users looking for well-known password manager tools like 1Password. Users were redirected to fake sponsored websites as soon as they clicked the top results in search engines.

In the first instance, the user lands on the legitimate domain 1password[.]com. The second, however, redirects them to another domain named start1password[.]com.

Both domains claim to offer the 1Password tool and both include HTTPS in their URLs. Hence, unaware users could be confused about which domain is legitimate.
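Because the fake and the real domain both use HTTPS, only the hostname separates them. The following Python check is an added example, not part of the original article, that a defender could run over ad landing URLs or proxy logs; the allowlist, the distance threshold and every sample URL other than the article's two domains are assumptions.

```python
from urllib.parse import urlsplit

# Defender-maintained allowlist (assumption); only 1password.com comes from the article.
OFFICIAL = {"1password": {"1password.com"}}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Parse the real hostname, accepting the [.] defanging used in reports."""
    url = url.strip().replace("[.]", ".")
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated'. The scheme is never consulted."""
    host = host_of(url)
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official"
    for brand in OFFICIAL:
        # Brand string embedded in the host: start1password.com, 1password.com.cdn.example
        if brand in host.replace("-", ""):
            return "lookalike"
        # Near-miss spelling of the brand in a single label (threshold 2 is an assumption)
        if any(edit_distance(label, brand) <= 2 for label in host.split(".")):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample; only the first two domains appear in the article.
    for u in ["https://1password[.]com/", "https://start1password[.]com/",
              "https://1passw0rd.example/", "https://1password.com.cdn.example/"]:
        print(f"{classify(u):10} {u}")
```

The suffix match requires a leading dot, so a host that merely begins with the official domain name is not accepted as official.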

One of the threat groups that recently abused Google Ads is DEV-0569. This group has spread malware, stolen passwords, and breached networks for ransomware attacks by exploiting ads.

In addition, the new Rhadamanthys Stealer malware has also circulated in the cybercriminal landscape, baiting targets and redirecting them to phishing sites that impersonate well-known software through Google Ads.

Researchers stated that the Rhadamanthys Stealer distributed several variants of the IcedID botnet and Raccoon Stealer to execute data harvesting campaigns against their targets.

Cybersecurity experts explained that internet users should now be careful about what they access or click on in search engines, since these could display compromised websites at the top of search results.

Internet users can use a legitimate ad-blocker tool for their web browsers to eliminate the promoted results from Google Search. This strategy could block Google Ad campaigns and reduce the chances of getting breached by hackers.
