Hackers Turn to Google to Deploy Malware

Google is very useful – we all know it.

But useful for whom?

Apparently hackers are setting up fake websites for popular free and open source software to promote downloads through ads and search engine marketing in Google search results.

What the hackers do, among other things, is create fake domains that look like the real ones and which promote free software. They understand Google’s rules for placement, so they do things like age the domains like fine wine before using them. Google knows that recently registered domains are likely malicious.

They might use non-core top level domains (like, for example, .pro) instead of .com and the like.

On these sites they place wonderful descriptions of this free software with, of course, a download of their malware version of the software.

Eventually the antivirus software catches up with it, but it likely takes a while.

Then the bad actors rinse and repeat, with new domains.

They even use Google ADs to spread the malicious word.

These sites and ads promote popular free software such as 7-zip, WinRAR, VLA, OBS and others.

One prominent crypto currency developer lost the contents of his entire online wallet (why was his entire wallet online? No one says that developers are always smart).

A couple of thoughts – if you are going to download a piece of software, run it through a couple of dozen anti-virus engines before you install it. Easy to do and free.

Also, turn on DNS filtering. This is another layer of protection. There are good free versions (that lack centralized management but which are okay for home and small business users) and we sell a paid version which is reasonably priced.

Mostly, do not use hope as your security strategy. It doesn’t always work.

Need help – give us a shout.

Credit: Bleeping Computer

by