Monday, October 7, 2024
HomeCyber AttackHackers Abuse Google Search Ads to Deploy Bonanza Malware

Hackers Abuse Google Search Ads to Deploy Bonanza Malware

Published on

Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads.

The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attacks.

This underhanded technique highlights the need for increased vigilance and caution when browsing the internet, particularly when clicking on ads.

- Advertisement - EHA

Hackers abuse Google Search Ads to deploy malware because it allows them to reach a wide audience quickly. 

By disguising malicious links as legitimate ads, they can trick users into clicking on them, leading to malware downloads or phishing attempts.

Additionally, Google’s vast user base offers a broad target audience for their attacks. Cybersecurity researchers at Malwarebytes recently identified that hackers are actively abusing Google Search Ads to deploy “Bonanza” malware.

Dynamic Search Ads Delivers Bonanza

Malvertising often stems from injected or intentionally created ads. But, recently, accidental malvertising occurred due to two key factors:- 

  • Compromised website
  • Google Dynamic Search Ads

Without the site owner’s knowledge, a rogue ad for Python developers led to a hacked page, offering the application for download but installing over a dozen malware pieces.

A wedding planning website with customer testimonials got injected with malware and was found to be changing titles and adding overlays promoting software serial keys, like Pycharm.

Hackers Abuse Google Search Ads
PyCharm Serial Key (Source – Malwarebytes)

Google’s Dynamic Search Ads (DSA) auto-generate ads from website content, convenient for advertisers but susceptible to abuse if the site’s content is altered without the owner’s knowledge, leading to misleading ads.

Hackers Abuse Google Search Ads
Dynamic Search Ads (Source – Malwarebytes)

Returning to the investigation’s origin, a Google search for ‘pycharm’ displayed an ad with a mismatch between its title (developer software) and description (wedding planning).

Google Ads created this ad from the hacked page, making the website owner an unwitting victim paying for the malicious ad.

Hackers Abuse Google Search Ads
Malicious Ad (Source – Malwarebytes)

Searchers clicking the ad’s headline for PyCharm could get redirected to the compromised page with the download link.

Running the installer floods your computer with malware, making it useless. Inexperienced criminals load software for commissions, but it’s not a subtle attack.

This unusual incident may have gone unnoticed by the website hackers. Compromised sites are monetized in various ways, and detecting this is tricky, as the ads seem legit.

Recommendations

Here below, we have mentioned all the recommendations offered by the researchers:-

  • Stay cautious with ads. 
  • Don’t download cracked software. 
  • Regularly check the landing pages linked to your ads.
  • Secure your Google Ads account with 2FA to prevent unauthorized access and changes to your campaigns.
  • Keep up-to-date with the latest developments in online advertising and cybersecurity.
  • Configure email alerts for your Google Ads account to receive notifications of unusual activity or policy violations.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...