New Malvertising Variant Leverages Google Ads To Serve Malware Through Legitimate Websites

A new type of malvertising campaign that leverages Google ads has been found distributing malware. One such incident has been cited through Google ads served on the popular news site: The New York Times.

Google ads look genuine at first sight. It promotes the download of an Online PDF converter. Clicking on the ad takes visitors to a nice-looking page that includes more information about the product. The page also includes a prominent green button that asks the viewers to ‘Download to Continue’.

However, what the victims miss out before they click on the button is a pop-up that reads, “By clicking the button, you agree to install the Homepage & New Tab and agree to the EULA and Privacy Policy.”

Once the app has been downloaded, users are redirected to a special phishing page that conducts user behavior monitoring by hijacking the browser and the search functionality. The app also silently runs unsecured malicious third-party content within a browser.

By agreeing to such privacy policy without reading can enable third-party affiliates to access victims’ products such as browsers, sites, and credentials. Their machines can also be vulnerable to all kinds of malicious activities.