VLC, 7-Zip, OBS targeted by fake malware apps in Google search ads
Hackers are pushing malware through fake website ads claiming to offer popular free software in Google search, Bleeping Computer reports.
There is already at least one example of someone falling victim to the scheme. Cryptocurrency influencer NFT God was hacked and had his crypto and NFT assets stolen after launching a fake version of Open Broadcaster Software (OBS).
NFT God — also known as Alex — had downloaded the malicious software from a Google ad that appeared in his search results. He took to Twitter to share the experience.
The influencer explained that nothing happened when they clicked on the executable. However, not long afterwards, friends notified them that their Twitter account had been compromised.
According to Bleeping Computer, the downloaded executable was likely an information-stealing malware that stripped saved browser passwords, cookies, Discord tokens, and crypto-wallets.
Alex found that their OpenSea NFT marketplace account had also been hacked, with the platform listing a different wallet as the owner of one of their digital assets.
“I knew at that moment it was all gone. Everything. All my crypto and NFTs ripped from me,” Alex said.
Their Gmail, Discord, Substack, and cryptocurrency wallets suffered a similar fate.
One of the assets stolen from NFT God — a Bored Ape NFT — was sold to another cryptocurrency enthusiast who offered to hold the asset, provided NFT God reimbursed them for what they paid for it.
OBS appears to be only one in a long list of software that malicious actors are using to disguise malware.
Bleeping Computer found other examples of the hacking campaign, including Google search ads for Rufus — a free software used to create bootable USB flash drives, file compression utility 7-Zip, Notepad++, and VLC Media Player.
It also found a website packed with links to fake software that are distributed exclusively through Google ad search results.
The site’s rules block search engines from indexing its content to show in search results, only allowing its downloads to be promoted via adverts.
Loading ...