Posted on February 23, 2021 at 4:43 PM
Hackers Subvert Google Alert Service to Spread Malware
Researchers at Bleeping Computer reported that hackers are utilizing Google Alerts to promote bogus Adobe Flash Player updater. The malware goes on to plant other unwanted programs on the user’s computer.
Google Alert is a content notification service offered by search engine and tech giant Google. The notification service works by sending emails to users when it detects new results from blogs, newspaper articles, or web pages that are similar to the user’s search term.
Google has stopped offering support for Adobe Flash Player on December 31. But many users are not aware or are not bothered about the security implication of using outdated software.
Now hackers are taking advantage of users who are still using the expired flash player.
The hackers make fake stories using terms containing popular keywords indexed by Google Search. Once it’s indexed the users looking for those keywords are alerted by Google. However, while the user is clicking the link sent by Google Alerts, they are redirected to the hacker’s malicious site.
Initially, the hackers redirect the users to sites that send fake giveaways, unwanted extensions, or browser notification spam from very popular sites. But the threat actors changed their operational campaign over the weekend. This time, they started targeting users, telling them their Flash Player is obsolete and the need to install an updater.
Threat actors utilized genuine alerts
However, Adobe Flash Player was discontinued in December and no update has been released since then. Adobe also warned users that they should uninstall Flash Player to help protect their system.
“Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems,” the recommendation reads from Adobe’s site.
Since the stories are coming from Google Alerts, the hacker hoped that the targets would believe the alert is legitimate As a result, many users have already fallen prey to the situation and security researchers have warned users to uninstall the flash player as soon as possible.
If the target agrees to install the update, the page redirects to a file that installs an unwanted program known as One Updater.
Google has warned users that if they come across such redirection to such websites, the best thing to do is to close the browser window immediately.
KnowBe4’s security awareness advocate Javvad Malik stated that threat actors are now looking for more convincible ways to infiltrate users’ inboxes. In the past, they predominantly use their malware to access user phones. But security researchers have developed tools that can stop this malware completely. Unfortunately, spam filters or email gateways cannot stop alerts since they are presumably coming from a genuine source.
Since the users trust the alert and have no kind of suspicion, they are more likely to click them. That’s the reason it’s necessary for users to always be careful even when they are responding to genuine channels. They should not put 100% trust in any site or channel simply because they look genuine.
Protection against malicious attacks
Malik says if users are redirected to a page where there are unwanted downloads of pop-ups, they should close the page immediately and contact their IT security team to make sure the system is safe.
Ray Kelly, the principal security specialist at WhiteHat Security, stated that the hackers are using a clever approach to compromise systems.
He said conventional threat actors would have executed the campaign using standard phishing methods. However, the malicious emails are no longer as potent as they used to be.
The threat actors have also improved when it comes to creating a clever title that can lure victims to respond.
As a result, the trend for hackers is to take advantage of vulnerable or outdated genuine software to plant their malware on users’ systems. But the good thing is, users can still prevent being victims if their systems are always updated for protection against malware infection.
Security teams should also educate users more on the awareness of emerging threats and how to prevent them.