Sponsored sites on Google can steal all your passwords


Cybersecurity experts have spotted numerous sponsored links posing as Slack, Microsoft or LibreOffice. These clone sites hide data theft software.

Be careful when browsing Google. The first links you see in a search are usually sponsored sites, which have paid to be placed at the top of the engine. However, there is a chance that these are just fake platforms created by hackers to trick you.

Many cybersecurity experts are alerting Internet users on social networks: stealers, Trojan horses that steal information, are hiding behind these sponsored links. Germán Fernández, an expert at CronUp, is one of the first to have analyzed this campaign, on January 21, followed by MalwareHunterTeam, an account that specializes in reporting malware.

The current campaign focuses on popular software, which offers the highest potential for searches… and therefore victims. Criminals set up clone sites of Slack, Microsoft Teams, TeamViewer, LibreOffice, Adobe or AnyDesk, to name just a few examples.

A clone site of the free LibreOffice word processing software. // Source: MalwareHunterTeam
A sponsored link pretending to be Nvidia, a group specializing in processors and graphics cards. // Source: MalwareHunterTeam

A year-long campaign

By clicking on the advertisements, visitors are directed to a download portal to install the rogue programs. The researchers spotted a slew of hacker-popular malware—Redline Stealer, Vidar, IcedID, Aurora—and ransomware. Stealers are used to exfiltrate data quickly, digging into cookies and password managers to steal all possible credentials.

These campaigns are not new and have been monitored by experts for nearly a year. The launch of links containing stealers dates from autumn 2022. Many hackers have adopted this modus operandi to set traps and exchange techniques on forums dedicated to hackers.

A call for collaboration between hackers on Google from a forum. // Source: German Fernandez

If a site seems suspicious to you, you can report it to Google by clicking on the gray arrow to the right of the link. The search engine will take care of analyzing it and taking action, if necessary.
