Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads.
The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attacks.
This underhanded technique highlights the need for increased vigilance and caution when browsing the internet, particularly when clicking on ads.
Hackers abuse Google Search Ads to deploy malware because it allows them to reach a wide audience quickly.
By disguising malicious links as legitimate ads, they can trick users into clicking on them, leading to malware downloads or phishing attempts.
Additionally, Google’s vast user base offers a broad target audience for their attacks. Cybersecurity researchers at Malwarebytes recently identified that hackers are actively abusing Google Search Ads to deploy “Bonanza” malware.
Dynamic Search Ads Delivers Bonanza
Malvertising often stems from injected or intentionally created ads. But, recently, accidental malvertising occurred due to two key factors:-
- Compromised website
- Google Dynamic Search Ads
Without the site owner’s knowledge, a rogue ad for Python developers led to a hacked page, offering the application for download but installing over a dozen malware pieces.
A wedding planning website with customer testimonials got injected with malware and was found to be changing titles and adding overlays promoting software serial keys, like Pycharm.
Google’s Dynamic Search Ads (DSA) auto-generate ads from website content, convenient for advertisers but susceptible to abuse if the site’s content is altered without the owner’s knowledge, leading to misleading ads.
Returning to the investigation’s origin, a Google search for ‘pycharm’ displayed an ad with a mismatch between its title (developer software) and description (wedding planning).
Google Ads created this ad from the hacked page, making the website owner an unwitting victim paying for the malicious ad.
Searchers clicking the ad’s headline for PyCharm could get redirected to the compromised page with the download link.
Running the installer floods your computer with malware, making it useless. Inexperienced criminals load software for commissions, but it’s not a subtle attack.
This unusual incident may have gone unnoticed by the website hackers. Compromised sites are monetized in various ways, and detecting this is tricky, as the ads seem legit.
Recommendations
Here below, we have mentioned all the recommendations offered by the researchers:-
- Stay cautious with ads.
- Don’t download cracked software.
- Regularly check the landing pages linked to your ads.
- Secure your Google Ads account with 2FA to prevent unauthorized access and changes to your campaigns.
- Keep up-to-date with the latest developments in online advertising and cybersecurity.
- Configure email alerts for your Google Ads account to receive notifications of unusual activity or policy violations.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.
