A fake ad campaign serving a trojanized version of the AnyDesk program ranked higher in searches than the legitimate ads. The ads which appeared in the Google Search results came with a a fake version of the remote desktop app. Although this was a trojanized version, the campaign managed to rank higher than the company’s legitimate Google Ads one.
Fake AnyDesk ads avoided anti-malvertising shield
The campaign became active in April and criminals managed somehow to trick the anti-malvertising from Google. Thus, 40% of the users that clicked on the ad installed the malware, researchers from CrowdStrike discovered.
Afterwards, the criminals managed to gain remote access to an important number of potential targets. This was possible as they used “follow-on hands-on-keyboard activity.” Thus, they convinced users who downloaded the program to execute a binary – AnyDeskSetup. Then, the malware launched a PowerShell script.
“Digital IT Consultants Plus Inc” was the signature on the bogus file, instead of the “philandro Software GmbH”.
So, security researchers discovered that the script was similar to the one that hackers delivered for a malicious Zoom installer. According to them, the logic of it was similar to the one used to trick Zoom potential users.
Better results than the legitimate campaign
Researchers could not see how many Google searches resulted in clicks on the fake ad. Still, the installation rate from an ad proved that the method was very successful.
The security company notified all affected users and alerted Google. Fortunately, the search giant reacted quickly and stopped the malicious ad.
At the moment, Google says that its system relies on both humans and automated tools to block abusive ads. They say that “Google’s proprietary technology and malware tools are used to regularly scan all creatives”. Still, this does not seem to be enough.
Joseph Neumann, cyber executive adviser for Coalfire, consider that Google should develop better screening measures. Thus, it could support legitimate organizations and discourage cybercriminals.
To get rid of such threats, conscious users can download a reliable ad blocker.
