Malware Campaign Abuses Google Adwords and Google Sites

Researchers at HackRead discovered a malware distribution campaign that abuses Google Adwords to appear at the top of search engine results when users search for antivirus software or the Chrome web browser. The campaign hosts the malware on a Google Sites page, a tool provided through Google’s G Suite that allows users to create collaboration and file-sharing pages. The campaign uses Google Sites to trick users into thinking they are downloading the legitimate Chrome browser installation file. If a user clicks the “Download Chrome” button, they are redirected to a Google Drive link that downloads a malicious file named ChromeSetup.exe to the user’s system. Similar scams have recently been observed targeting users of cryptocurrency exchange sites in an attempt to steal login credentials and funds from the associated accounts.The NJCCIC recommends users review the HackRead report and exercise caution when downloading files from the internet. Users can check the integrity of files by uploading them to sites such as VirusTotalMalwr, or Metadefender that provide free online tools used to analyze files and URLs for embedded malware. Additionally, we encourage users to install a reputable ad-blocking browser extension to help mitigate this threat.