Google Dynamic Search Ads Abused to Unleash Malware ‘Deluge’

October 30, 2023 at 06:13PM

A new method of using vulnerable websites to deliver malicious ads to search engine users has been discovered. The technique involves using Google’s “dynamic search ads” feature to pair targeted ads with searches. A compromised website was used to serve a fake software ad, overwhelming victims with malware. The researcher believes it may have been accidental. There is a need for improved security measures by both businesses and search engines to prevent such attacks.

Researchers have discovered a new method that uses vulnerable websites to deliver targeted ads containing malware to search engine users. The method takes advantage of Google’s dynamic search ads feature, where ads are paired with search results based on the content of a website’s landing page. The researcher, Jerome Segura, found a fake software ad on a compromised website that exploited this feature and targeted search engine users. Segura believes that the ad may have been created accidentally rather than intentionally planned by the threat actor.

Segura explains that when he searched for the keyword “PyCharm,” a sponsored result appeared that matched the search, but the snippet seemed to be pulled from a wedding planning site. Further investigation using Google’s Ads Transparency Center showed that the site’s content was unrelated to PyCharm and focused on weddings instead. The researcher discovered that some pages within the wedding planning site had been injected with spam-generating malware, which led to the display of a malicious PyCharm pop-up. Google’s dynamic ads feature picked up on this malicious content, resulting in the ad being shown to Segura. Clicking on the pop-up link would unleash a significant number of malware infections that could render the computer unusable.

Segura also highlights the security challenges faced by small- and midsize business websites. Often, these websites are created by web agencies, but there is a lack of follow-up and maintenance, leaving the websites vulnerable to attacks. Outdated core WordPress versions and plugins make these websites easy targets for hackers to compromise. Segura suggests that Google could contribute to user security by flagging cases where targeted ads and website content substantially diverge. For example, an ad for software on a wedding website should raise a red flag, as it doesn’t match the business’s nature.
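The divergence Segura describes can also be checked by a site owner against their own pages, before an ad platform ever indexes them. The following Python is an added example, not code from Segura or Google: the page texts are constructed, and the function names, stopword list and 0.2 threshold are assumptions.

```python
import math
import re
from collections import Counter

STOPWORDS = {"the", "and", "for", "your", "our", "with"}

# Constructed sample: main-body text per URL for a hypothetical wedding site,
# with one injected page advertising unrelated software.
SAMPLE_PAGES = {
    "/": "Wedding planning services for your perfect day: venues, flowers, "
         "catering and photography.",
    "/venues": "Browse wedding venues, from garden ceremonies to ballroom "
               "receptions, with catering and flowers.",
    "/photography": "Wedding photography packages covering the ceremony, "
                    "reception and bridal portraits at our venues.",
    "/blog/pycharm-download": "Download PyCharm installer free latest version "
                              "software download now.",
}

def term_vector(text):
    """Lower-cased word counts, ignoring short words and stopwords."""
    words = re.findall(r"[a-z]{3,}", text.lower())
    return Counter(w for w in words if w not in STOPWORDS)

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * \
           math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def divergent_pages(pages, threshold=0.2):
    """Return [(url, score)] for pages whose vocabulary barely overlaps
    with the combined text of every other page on the site."""
    vectors = {url: term_vector(text) for url, text in pages.items()}
    flagged = []
    for url, vec in vectors.items():
        rest = Counter()
        for other, other_vec in vectors.items():
            if other != url:
                rest.update(other_vec)
        score = round(cosine(vec, rest), 3)
        if score < threshold:
            flagged.append((url, score))
    return sorted(flagged, key=lambda item: item[1])

if __name__ == "__main__":
    for url, score in divergent_pages(SAMPLE_PAGES):
        print(f"review {url}: similarity to rest of site = {score}")
```

On a real site the text would come from the rendered pages with shared navigation and footer stripped, and the threshold needs tuning against known-good pages.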
