Google is the largest search engine, with the most users on the face of this planet. Its ad platform, Google Ads, is used by advertisers worldwide to show ads on websites to market their products and services, which is what puts it at the core of any business. However, cybercriminals are abusing Google Ads to inject malicious code into users’ devices.
According to the latest report by Guardio Labs, hackers are using the Google Ads platform to inject malware on affected devices. In the campaign, dubbed “MasquerAds”, hackers are targeting websites of organizations, crypto wallets, and GPUs, among others.
How Does MasquerAds Work?
To explain in simple language, assume that you are a user searching for Grammarly. When you go to Google, you get the results along with ads for Grammarly and similar services on the first page itself. Whenever you click on any link, you will go to the corresponding website or landing page.
In the case of MasquerAds, the hackers (advertisers in this case) create clones of original websites like Grammarly, Thunderbird, Malwarebytes, MSI Afterburner, Dashlane, and Slack, among others, and showcase an ad that runs at the top of the page. Whenever an unsuspecting user clicks on one of these forged and duplicate ads, it triggers a series of actions in which the hackers inject a malware payload into the user’s device.
The report mentioned that multiple kinds of malware, such as the IcedID malware loader, Vidar Stealer, and variants of Raccoon Stealer, are injected into the user’s device without the browser being aware of it at all. The malware keeps a low profile without triggering any anti-virus programs whatsoever.
Google can block an ad campaign if it detects that the ad in question is carrying malware. This malware can do a lot, including but not limited to stealing critical user data.
Note that devices with ad blockers installed on their browsers reportedly get rid of such rogue and disguised links from search engines.