Categories: News

Fake AnyDesk ads beat the real ones on Google Ads

AnyDesk fake website

A fake ad campaign serving a trojanized version of the AnyDesk program ranked higher in searches than the legitimate ads. The ads which appeared in the Google Search results came with a a fake version of the remote desktop app. Although this was a trojanized version, the campaign managed to rank higher than the company’s legitimate Google Ads one.

Fake AnyDesk ads avoided anti-malvertising shield

The campaign became active in April and criminals managed somehow to trick the anti-malvertising from Google. Thus, 40% of the users that clicked on the ad installed the malware, researchers from CrowdStrike discovered.

Afterwards, the criminals managed to gain remote access to an important number of potential targets. This was possible as they used “follow-on hands-on-keyboard activity.” Thus, they convinced users who downloaded the program to execute a binary – AnyDeskSetup. Then, the malware launched a PowerShell script.

“Digital IT Consultants Plus Inc” was the signature on the bogus file, instead of the “philandro Software GmbH”.

So, security researchers discovered that the script was similar to the one that hackers delivered for a malicious Zoom installer. According to them, the logic of it was similar to the one used to trick Zoom potential users.

Better results than the legitimate campaign

Researchers could not see how many Google searches resulted in clicks on the fake ad. Still, the installation rate from an ad proved that the method was very successful.

The security company notified all affected users and alerted Google. Fortunately, the search giant reacted quickly and stopped the malicious ad.

At the moment, Google says that its system relies on both humans and automated tools to block abusive ads. They say that “Google’s proprietary technology and malware tools are used to regularly scan all creatives”. Still, this does not seem to be enough.

Joseph Neumann, cyber executive adviser for Coalfire, consider that Google should develop better screening measures. Thus, it could support legitimate organizations and discourage cybercriminals.

To get rid of such threats, conscious users can download a reliable ad blocker.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.