A Reddit user looking to download and install the free image editor GIMP has discovered a devious malware campaign using contextual Google search ads to trick unsuspecting users into installing the RedLine stealer malware. The user who uncovered and reported this campaign almost fell prey to it himself, until Windows Defender made him think twice about running the executable file he downloaded after clicking on the first search result for GIMP. As it turned out, the top search result was an ad that sent the user to a malicious clone of the official GIMP website, even though the result was listed as “gimp.org,” which is the domain name for the official website.
One method threat actors use to distribute malware is known as SEO poisoning, with SEO standing for search engine optimization. SEO poisoning leverages various SEO techniques, such as filling a webpage’s source code with tons of keywords, to raise a malicious website’s ranking within the search results. If a threat actor manages to game the search results in this way and place a malicious website near the top of the search results, users may visit the malicious website and download malware without realizing it. However, this newly discovered malware campaign demonstrates that threat actors don’t need to employ SEO tactics to place a malicious website at the top of the search results if they can instead pay Google to do that for them.
Prior to reporting the ad to Google as malicious, a Reddit user found that searching...
Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiUWh0dHBzOi8vaG90aGFyZHdhcmUuY29tL25ld3MvZ29vZ2xlLWFkcy1naW1wLW9mZmljaWFsLXdlYnNpdGUtZXhwb3NlZC1wY3MtbWFsd2FyZdIBAA?oc=5