Protect Yourself from Cyber Scams: How Fake Google Ads Trick Users into Installing Dangerous Malware

Cyber ThreatsTips
Written By Margaret Noel

Just Because It Says Google, Doesn't Mean It Is Google

Imagine this: you’ve finally decided to secure your online banking by downloading the Google Authenticator app. You search for it on Google, click the first ad, and follow the prompts to install the software. But without knowing it, a Russian hacker has tricked you into installing malware on your computer. This isn’t just any malware—it’s really bad malware.

The Danger Behind Fake Ads

The ad you clicked seemed like it was from Google, but it was actually a fake created by a malicious actor using a fraudulent account. When you clicked on the ad, you were redirected to a decoy website that downloaded a dangerous file from GitHub, a trusted cloud resource. The file, named "Authenticator.exe," was even digitally signed, making it look legitimate to your computer.

This malware, called DeerStealer, is designed to steal your personal data and send it to a command station controlled by the attacker. This means your sensitive information—like login credentials and financial data—is now compromised.

What This Means for You

If the hacker gains access to your usernames and passwords, they can log into your online banking, email, or social media accounts. From there, they can drain your bank accounts, steal your identity, or even use your social media profiles to spread malware to your contacts.

Why 2FA Matters

You might be wondering, “What even is 2FA, and why do I need it?”

Two-factor authentication (2FA) is a security process requiring two different authentication factors to access a system, network, or application. It adds an extra layer of security to the traditional password-only method, making it much harder for hackers to gain unauthorized access. Typically, this means using your username and password, along with a 6-digit code generated every 60 seconds by a trusted application like Google Authenticator.

Even if a hacker has your password, they can’t access your account without the time-sensitive code generated by Google Authenticator. However, the irony is that even when you’re trying to improve your security by using Google Authenticator, you might fall prey to cybercriminals if you don’t download it from the official website.

How to Protect Yourself

To avoid falling victim to such cyber attacks, it’s crucial to verify the authenticity of the software and its source. Here are some tips:

  • Be cautious of links: Just because a link leads to Google Drive, GitHub, Amazon AWS, or other legitimate sites doesn’t mean the file hosted there is safe.

  • Verify digital signatures: A digital signature only ensures that the file hasn’t been altered since it was signed. It doesn’t guarantee that the file is safe.

  • Use reputable sources: Always download software from official repositories or trusted sources.

  • Check for viruses: Use antivirus software to scan files before downloading them.

  • Use browser security filters: Enable browser security filters to block access to malicious websites.

  • Use a VPN: A VPN can encrypt your internet connection and protect your data.

Final Advice

If you’re a Trusted Internet client, know that our technology and team are here to help, even if you fall victim. We can alert you or block the files associated with this or similar cybercriminal operations, providing protection even if you fall for such traps.

Our founder and CEO, Jeff Stutzman, offers this simple advice:

“Here’s the bottom line. If you’re going to download something onto one of your devices, download it from a reputable place:

  • If it’s Google, use the Play Store.

  • If it’s Microsoft, use the Microsoft Store.

  • If it’s Apple, use the Apple Store.

Most users won’t be able to check digital signatures or perform all the necessary checks, but the official stores typically do that for you. Download from one of the stores, and you’ll be just fine.”

This discovery was originally made by the researchers at MalwareBytes Labs. You can read more about it here.

Reach out if you or your business need cyber security experts to protect your devices and information.

Margaret Noel
Previous

Where Are VPNs Illegal or Restricted? A Global Guide to VPN Usage
Next

Workshop: NIST 800-171 Compliance, on September 18 in Concord, NH