This fake Windows news site is spreading malware via hacked Google ads

News
By published

Don't trust everything you see on Google ads

Passwords
Image Credit: Shutterstock (Image credit: Shutterstock)

Someone has been impersonating a known media publication and abusing the Google Ads advertising network, all to deliver the RedLine infostealer malware to people.

A new report from Malwarebytes, found a fake WindowsReport website that was being hosted on almost a dozen different domains. 

On the website, the scammers hosted a trojanized version of CPU-Z, a popular utility tool for Windows that helps users track different hardware components such as CPU clock rates, and similar. The tool, in fact, was RedLine Stealer, a known infostealer capable of exfiltrating sensitive system data, stored passwords, payment information, cookies, cryptocurrency wallet information, and more. 

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Multiple similar campaigns

Then, they created ads and ran them on the Google Ads network, promoting this malicious version of CPU-Z. The cloning of WindowsReport was done to add more legitimacy and trustworthiness to the whole campaign, the researchers speculate. But before users are sent to this website, they’re pulled through a number of redirects, all to evade Google’s anti-abuse crawlers. 

Some users are redirected to benign pages, while others - those more suitable to receive RedLine - are redirected to the final website. We don’t know exactly how the attackers choose their victims. 

To make matters worse, the installer is digitally signed with a valid certificate, meaning Windows security tools and other antivirus products most likely won’t flag it as malicious. 

Malwarebytes has analyzed the threat actors’ infrastructure for this campaign and came to the conclusion that it was created by the same people who recently operated the Notepad++ campaign. This campaign, spotted in late October, was similar in the sense that it, too, included a copy of a legitimate website, and a bunch of malicious ads being served via Google Ads. 

The best way to stay safe is to be extra careful when searching for products and solutions on Google, and to always double-check the URL in the address bar before downloading anything.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
A padlock resting on a keyboard.
Understanding and avoiding malvertizing attacks
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Fake Reddit sites found pushing Lumma Stealer malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
Latest in Security
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Data leak
Top collectibles site leaks personal data of nearly a million users
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Latest in News
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
Hornet swings their weapon in mid air
Hollow Knight: Silksong could potentially launch this year and I reckon it could be a great game for an Xbox handheld
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Cassian looking at someone off-camera from a TIE fighter cockpit in Andor season 2
Star Wars: Andor creator is taking a stance against AI by canceling plans to release its scripts, and I completely get why
Nintendo x Seattle Mariners partnership
The Nintendo Switch 2 logo will be featured on the Seattle Mariners' baseball jerseys this season
Apple iPhone 16 Pro Max Review
Siri's chances to beat ChatGPT just got a whole lot better
More about security
ransomware avast

Ransomware attacks are costing Government offices a month of downtime on average
Data leak

Top collectibles site leaks personal data of nearly a million users
Google Gemini Canvas

Is Gemini Canvas better than ChatGPT Canvas? I tested out both AI writing tools to find out which is king
See more latest
Most Popular
I Hate This Place artwork
Bloober Team is keeping busy as it announces its next survival horror game I Hate This Place and offers a new look at its upcoming title Cronos: The New Dawn
Equal1 Bell-1 quantum computer
This is the first quantum computer you can actually buy (and use, and power): Equal1's Bell-1 uses a standard power socket
Ryzen AI Max+ 395
Obscure Chinese PC vendor gets preferential AMD treatment as Lisa Su signs first desktop PC with Ryzen AI Max+ 395 ahead of May launch
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
SanDisk Slim Dual Drive
This is the first 2TB dual-port external SSD ever and it's not as expensive as you may think
Bimawen B15.6 TV Pro
A sign of things to come? This portable monitor comes with Google TV, a remote control and a very well hidden Android PC
Cassian looking at someone off-camera from a TIE fighter cockpit in Andor season 2
Star Wars: Andor creator is taking a stance against AI by canceling plans to release its scripts, and I completely get why
Kioxia LC9 2.5 SSD
After 7 years, Exadrive's 100TB 2.5-inch SSD is finally superseded by a far superior 122.88TB model from Kioxia
Nintendo x Seattle Mariners partnership
The Nintendo Switch 2 logo will be featured on the Seattle Mariners' baseball jerseys this season
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average