A threat actor has been found abusing Google Ads to distribute a trojanised version of the CPU-Z system-information tool that delivers the Redline information-stealing malware.
Threat actors were found using Google Ads to redirect users to a cloned copy of the legitimate Windows news site Windows Report.
Clicking on the ad takes the victim through a redirect step that evades Google’s anti-abuse crawlers: visitors the attacker deems invalid, such as Google’s own crawlers, are sent to an innocuous site, a report from Bleeping Computer said.
Those deemed valid are redirected to a lookalike of the Windows Report news site, hosted on a number of different domains. Users are then presented with a “Download now” button that, when clicked, installs a malicious script that loads the malware on their devices.
Redline is a powerful stealer able to collect passwords, cookies and browsing data from a range of web browsers and applications, as well as sensitive data from cryptocurrency wallets.
Users are advised to be careful when clicking on promoted results in Google Search, and to check that the site that actually loads, and its domain, match the site the ad claims to lead to before downloading any files. Users can also make use of adblockers to automatically hide promoted results from their search results.
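The advice above, checking that the landing domain matches the site the ad claims to represent, can be automated for an ad-click audit. The following is an added example written for this page, not code from the report or from the threat actor; it assumes windowsreport.com is the legitimate domain of the impersonated site, and every sample URL below is constructed for illustration rather than taken from the campaign.

```python
"""Landing-domain check for promoted search results (added example, not from the report).

Given the URL a promoted result finally lands on and the domain of the brand
the ad claims to represent, classify the landing domain as a match, a
lookalike, or unrelated.  Heuristic only: no public-suffix list is used, so
the registrable domain is approximated as the last two host labels.
"""
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed legitimate domain of the impersonated news site (assumption for the example).
LEGIT_DOMAIN = "windowsreport.com"

# Digit-for-letter substitutions commonly used in lookalike hostnames.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(url: str) -> str:
    """Return the last two host labels of URL, lower-cased ("www.a.b.com" -> "b.com")."""
    host = urlsplit(url).hostname or ""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def _normalize_label(label: str) -> str:
    """Collapse hyphens and common digit homoglyphs so 'wind0ws-report' -> 'windowsreport'."""
    return label.replace("-", "").translate(_HOMOGLYPHS)


def classify_landing(url: str, expected: str = LEGIT_DOMAIN) -> dict:
    """Classify URL's landing domain relative to EXPECTED.

    verdict is one of:
      "match"     - registrable domain equals the expected one
      "lookalike" - a different domain whose name imitates the expected one
      "unrelated" - no resemblance to the expected name
    """
    landing = registrable_domain(url)
    exp_sld, exp_tld = expected.split(".", 1)
    land_sld, land_tld = (landing.split(".", 1) + [""])[:2]

    norm_exp = _normalize_label(exp_sld)
    norm_land = _normalize_label(land_sld)
    similarity = SequenceMatcher(None, norm_exp, norm_land).ratio()

    if landing == expected:
        verdict, reason = "match", "registrable domain matches"
    elif norm_land == norm_exp:
        verdict = "lookalike"
        if land_tld != exp_tld:
            reason = f"same name under .{land_tld} instead of .{exp_tld}"
        else:
            reason = "homoglyph or hyphen variant of the expected name"
    elif norm_exp in norm_land:
        verdict, reason = "lookalike", "expected name embedded in a longer name"
    elif similarity >= 0.8:
        verdict, reason = "lookalike", f"name similarity {similarity:.2f}"
    else:
        verdict, reason = "unrelated", f"name similarity {similarity:.2f}"
    return {"landing": landing, "verdict": verdict, "reason": reason}


# Constructed sample landing URLs for the demo; none are domains from the report.
SAMPLE_URLS = [
    "https://www.windowsreport.com/software/",
    "https://windowsreport.net/cpu-z-download",
    "https://wind0wsreport.com/cpu-z",
    "https://windows-report-download.com/cpu-z",
    "https://example.org/",
]


def audit(urls=SAMPLE_URLS) -> list:
    """Classify every URL in URLS and return the list of result dicts."""
    return [classify_landing(u) for u in urls]


if __name__ == "__main__":
    for r in audit():
        print(f"{r['verdict']:10} {r['landing']:32} {r['reason']}")
```

The check is deliberately conservative: anything other than an exact registrable-domain match is reported, and the reason string tells the reviewer which imitation trick (wrong TLD, digit homoglyphs, the brand name padded with extra words) triggered the verdict. In practice the URL to feed in is the final destination after all redirects, because the gate described in the report sends crawlers and real users to different places.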