{"id":477005,"date":"2023-01-19T13:36:29","date_gmt":"2023-01-19T11:36:29","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=477005"},"modified":"2023-01-19T13:39:24","modified_gmt":"2023-01-19T11:39:24","slug":"vlc-7-zip-obs-targeted-by-fake-malware-apps-in-google-search-ads","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/477005-vlc-7-zip-obs-targeted-by-fake-malware-apps-in-google-search-ads.html","title":{"rendered":"VLC, 7-Zip, OBS targeted by fake malware apps in Google search ads"},"content":{"rendered":"<p>Hackers are pushing malware through fake website ads claiming to offer popular free software in Google search, Bleeping Computer <strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner\/\" target=\"_blank\" rel=\"noopener\">reports<\/a><\/strong>.<\/p>\n<p>There is already at least one example of someone falling victim to the scheme. Cryptocurrency influencer NFT God was hacked and had his crypto and NFT assets stolen after launching a fake version of Open Broadcaster Software (OBS).<\/p>\n<p>NFT God \u2014 also known as Alex \u2014 had downloaded the malicious software from a Google ad that appeared in his search results. He took to Twitter to share the experience.<\/p>\n<p>The influencer explained that nothing happened when they clicked on the executable. However, not long afterwards, friends notified them that their Twitter account had been compromised.<\/p>\n<p>According to Bleeping Computer, the downloaded executable was likely an information-stealing malware that stripped saved browser passwords, cookies, Discord tokens, and crypto-wallets.<\/p>\n<p>Alex found that their OpenSea NFT marketplace account had also been hacked, with the platform listing a different wallet as the owner of one of their digital assets.<\/p>\n<p>&#8220;I knew at that moment it was all gone. Everything. All my crypto and NFTs ripped from me,&#8221; Alex <strong><a href=\"https:\/\/twitter.com\/NFT_GOD\/status\/1614442000958324739?s=20&amp;t=Rh9D4pWb8-nWGJleS5QMqg\" target=\"_blank\" rel=\"noopener\">said<\/a><\/strong>.<\/p>\n<p>Their Gmail, Discord, Substack, and cryptocurrency wallets suffered a similar fate.<\/p>\n<p>One of the assets stolen from NFT God \u2014 a Bored Ape NFT \u2014 was sold to another cryptocurrency enthusiast who offered to hold the asset, provided NFT God reimbursed them for what they paid for it.<\/p>\n<p>OBS appears to be only one in a long list of software that malicious actors are using to disguise malware.<\/p>\n<p>Bleeping Computer found other examples of the hacking campaign, including Google search ads for Rufus \u2014 a free software used to create bootable USB flash drives, file compression utility 7-Zip, Notepad++, and VLC Media Player.<\/p>\n<p>It also found a website packed with links to fake software that are distributed exclusively through Google ad search results.<\/p>\n<p>The site&#8217;s rules block search engines from indexing its content to show in search results, only allowing its downloads to be promoted via adverts.<\/p>\n<hr \/>\n<h2 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/security\/476747-lawyers-must-pay-r5-5-million-after-cyberattackers-steal-homebuyers-money.html\" rel=\"bookmark\">Lawyers must pay R5.5 million after cyberattackers steal homebuyer&#8217;s money<\/a><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Malicious actors are distributing information-stealing malware through fake websites advertised in Google search.<\/p>\n","protected":false},"author":341076,"featured_media":464295,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[191,10384,13209,77986,83795,83793],"class_list":["post-477005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cryptocurrency","tag-google-ads","tag-google-search","tag-malicious-software","tag-nft-god","tag-open-broadcaster-software"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/477005"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=477005"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/477005\/revisions"}],"predecessor-version":[{"id":477043,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/477005\/revisions\/477043"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/464295"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=477005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=477005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=477005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}