Posted on January 18, 2023 at 5:01 PM
All across the Internet, hackers are setting up fake download websites for various popular open-source software, using Google’s advertisement tools to promote malware instead of the actual software.
NFT God One Of The Prominent Victims
The cryptocurrency space recently saw one such event, in which a prominent figure within crypto fell victim to this new tactic. The figure in question, NFT God, lost control of his personal and professional accounts and had all his crypto assets stolen.
The crypto influencer, also known as Alex, was aiming to download Open Broadcaster Software (OBS), open-source software used for video recording and streaming. In trying to install it, NFT God accidentally launched a fake executable that he had sourced from Google Ads search results.
According to NFT God, the executable he had downloaded failed to function. Thinking nothing of it, he went about his business, but was alerted by friends that his Twitter accounts had been hacked.
Old Trends Gaining New Traction
More than likely, the malware stole his saved cookies, passwords, crypto wallets, and Discord tokens. From there, the browser information was simply sent to the malicious actor that initiated the attack.
NFT God stated that he knew at that moment that everything was gone, and that all his NFTs and crypto had been “ripped” from him. It was more than that, however. Alex soon discovered that his Gmail, Substack, crypto wallets, and Discord accounts were all compromised, with the hacker in control of everything.
It should be noted that this strategy isn’t exactly new. Instead, it seems to have seen a resurgence in popularity as of late. Reports by cybersecurity companies Guardio and Trend Micro had drawn attention to this tactic, particularly to the fact that the attackers were utilizing Google Ads to push these malware-laced executables.
Everyone Taking Notice
Another prominent figure within the cybersecurity space who took notice of this development is Will Dormann. The security researcher discovered a number of malicious advertisements and posted screenshots of the debacle on his Twitter account. A darkly amusing tidbit is that one of the ads for Notepad++ he discovered was legitimate, as the platform was forced to displace the advertisements with its own to try and stem the tide.
Germán Fernández, a member of the cybersecurity company CronUp, has recently provided a list of 70 domains that are using Google Ads to distribute an array of malware by impersonating legitimate pieces of software.
The fake sites seem to follow one of two patterns: they either have users download a fake copy of the software, or they redirect them to another link entirely. Every piece of open-source software is seemingly vulnerable to this impersonation, be it GIMP, Audacity, or VLC.
Some of the malicious programs that Dormann discovered even carried an invalid signature from BitDefender.
Google Taking Action
As time went on, more and more security companies and individual experts took notice of this new trend. HP Wolf Security issued a report of its own, addressing a campaign quite similar to this one. According to HP Wolf, the earliest recorded instance of this new strategy it had found was back in November of 2022.
After these reports were made, Google also acted, taking down a number of these malicious websites from its Google Ads systems.
As for how the strategy works once the malware is running, it essentially accesses and subsequently steals any and all sensitive data it can. This ranges from autocomplete info and credit card details to system information and crypto wallets.
A Constant Battle
It seems the latest trend of hacking has been ousted, so far. With any luck, the creativity of these malicious actors will wane for a while, before they inevitably find and utilize a new strategy or exploit to gain access to computers and steal the information therein.
In relation to the above article, it’s recommended that readers always ensure that the URL they are downloading from seems legitimate, and always run some sort of antivirus on their systems. The war between cybersecurity experts and malicious hackers will only end when the Internet does, and the likelihood of that happening any time soon seems pretty low. All you can do is ensure your safety, be aware of what is happening, and be prepared with a backup plan should your system be compromised.
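One way to automate the URL check recommended above, as an added example that is not part of the original article: it compares a download URL's host against an allowlist of official project domains and flags lookalikes. The allowlist entries, the `classify` helper and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official hosts, verified independently by the reader.
OFFICIAL = {
    "obs": "obsproject.com",
    "notepad++": "notepad-plus-plus.org",
    "gimp": "gimp.org",
    "audacity": "audacityteam.org",
    "vlc": "videolan.org",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, product: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a download URL."""
    official = OFFICIAL[product]
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the hostname
    if host == official or host.endswith("." + official):
        return "official"
    # Userinfo before "@" and internationalised hosts can make a foreign
    # host read like the real one, so treat both as impersonation signals.
    if parts.username or not host.isascii() or "xn--" in host:
        return "lookalike"
    brand = official.split(".")[0]  # e.g. "obsproject"
    labels = host.split(".")
    # Simplification: second-to-last label; production code should use the Public Suffix List.
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    limit = 1 if len(brand) < 8 else 2  # tighter threshold for short names
    if brand in host or edit_distance(sld, brand) <= limit:
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are reserved, not real sites.
    for url, product in [
        ("https://obsproject.com/download", "obs"),
        ("https://obspr0ject.example/OBS-Studio.exe", "obs"),
        ("https://gimp.org.downloads.example/setup.exe", "gimp"),
        ("https://obsproject.com@downloads.example/x.exe", "obs"),
    ]:
        print(f"{classify(url, product):9}  {url}")
```

Only `official` should be treated as safe to download from; `unknown` simply means the host is not on the allowlist.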