We all know the top results in a Google search are ads, but they can also look like exactly what you’re searching for, too. If you’re feeling too lazy to scroll down a bit, it can be tempting to just click it anyway. However, that type of behavior could now be considered dangerous. According to a new report, hackers have begun putting ads for fake websites in Google’s sponsored search results. You might think you’re clicking an innocent link to download VLC and end up having your life turned upside down. It’s an embarrassing situation for Google, which promises to protect users from this type of scenario.
News of this new maneuver to trick people into installing malware comes from an unfortunate source: an actual victim who goes by the Twitter handle NFT_God. This person seems to be an influencer type in the world of investing and programming, as they say they have 16,000 Substack subscribers. As noted by BleepingComputer, they detailed a long and sordid tale on Twitter about what happened after they clicked a link to OBS in a sponsored search result. OBS is popular software used to livestream and is both free and open source. They clicked a link in the sponsored results and were taken to what looked like a legit website for OBS.
They downloaded the fake OBS and double-clicked the .exe file to install the software. However, nothing was installed; seemingly, nothing happened at all. Confused but unbothered, the would-be streamer went about their business thinking it was just an odd event. Several hours later, they got a text from a friend notifying them that their Twitter was hacked. After deleting the hacker’s tweets, several hours passed before they received another startling text. This one asked if they had sold their digital NFT ape. After logging into the NFT marketplace OpenSea, they found out a new wallet owned their precious digital JPEG.
The NFT_God writes it was at that moment they knew it was all gone. Everything that was in their account including digital coins, NFTs, everything. They wrote that they lost a “life-changing” amount of their net worth. The final bit was the hackers also took over their Substack, and sent bogus links to all of the subscribers. They were able to remedy that situation and they also wiped their computer and reinstalled Windows as well. In the end, they say it’s a lesson learned, and they’re ready to move on.
What remains to be explained is how these links got into Google search results, to begin with. Threat analyst Will Dormann has been digging into the issue and the results are not promising. He has posted links to a plethora of fake links still showing up in search results.
Dormann was still able to find malware-laden search results for a wide range of popular freeware utilities. Those include VLC, Libre Office, 7-Zip, and others. According to what we can see on Twitter, it looks like Google is currently addressing this issue. However, it obviously needs to take a closer look at the tools it uses to check the authenticity of links it allows in results. Some of them are obviously fake just from the URL. For example, a fake site for KMPlayer has the URL of “videoplaer.com”