Fake Google ads used to lure victims to malware-rigged Signal, Telegram websites


Cybercriminals are using malicious Google Ads and web pages to lure unsuspecting users into downloading and executing information-stealing malware.

Cybersecurity experts at eSentire have shared details about this new campaign, which places Google Ads that take users to a fraudulent replica of the download page for secure chat applications, such as Signal.

Instead of the installer for the legitimate app, the download link on the fake page pushes AutoIt scripts, which then deploy Redline Stealer, one of the most popular information-stealing malware families.

“They [threat actors] are spending money to purchase Google ads (although they could be using stolen credit cards to purchase the ad space), and they have spent time creating believable ads and almost exact replicas of the download pages for some of the most popular secure chat applications,” said Spence Hutchinson, Manager of Threat Intelligence for eSentire. 

Drive-by-Download campaigns

The company also suggests that stolen information is either sold on the dark web or directly used in further intrusions and fraud campaigns. 

During its breakdown of the campaign, eSentire notes that not only have these drive-by-download campaigns become the most popular threat vector, they are also increasingly poisoning Google’s search results.

In addition to the current campaign, eSentire also shares details about previous campaigns that lure users with fake Google ads for business productivity tools such as remote desktop software like AnyDesk, file hosting services like Dropbox, and the Telegram messenger. 

“Corporate internal security teams and external security teams need to make sure employees are very aware of the different tactics threat actors are using to lure them to malicious web pages, malicious ads and malicious documents,” warns eSentire in its advisory against the new campaign.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
