Friday, May 24, 2024

Hackers Abuse Google Alerts to Promote a Fake Adobe Flash Player Update that Installs Malware

Google Alerts is a content change detection and notification service, offered by the search engine company Google. The service sends emails to the user when it finds new results, such as web pages, newspaper articles, blogs, or scientific research, that match the user’s search term.

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users’ computers.

The bad actors create fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts will alert people who are following those keywords.

Upon clicking the fake stories using a Google redirect link, the visitor will be redirected to the threat actor’s malicious site (as shown below).

Example Google Alerts link for a fake story

After clicking the fake story’s URL directly, the website will state that the page does not exist.

Page does not exist when directly visiting the URL

Experts also observed fake stories being indexed by Google and pushed out by Google Alerts. These have been redirecting users to web pages pushing browser notification spam, unwanted extensions, or fake giveaways.

An Alleged Flash Updater is Offered

The most recent scam that states your Flash Player is outdated and then prompts you to install an updater.

Website stating Flash Player needs to be updated

Once Clicked the ‘Update’ button, the victim will download a setup.msi file that installs a potentially unwanted program called ‘One Updater.’ Even if “One Updater” is not malware, similar software in the past has installed password-stealing Trojans and cryptocurrency miners.

Experts state that if you are redirected to a website, through Google Alerts, Google Search, or any other means and are prompted to install an extension or program update, simply close the browser.

Installing these programs naturally leads to malicious activity or unwanted behavior that only benefits the application developers.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

Google Published a Research Blog About who are the People Prone to cyber-attacks via Email

Apple New Proxy Feature to Prevent Leaking IP Addresses to Google


Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles