
More malvertising attacks hiding in Google ads for GIMP image editing software
Patrick Devaney

We’ve covered a series of innovative cyber attack methods recently, from hiding malware in fake job offers to ‘malvertisers’ pushing fake ads across advertising networks in a bid to trap unsuspecting victims and infect their devices with malware. Unfortunately, today we bring you news of a particular malvertising scam that has been able to break into the Google ads network and is pushing malware in fake ads for the Photoshop alternative program GIMP.

According to a report on BleepingComputer, which cites a Reddit post by ZachIngram04, up until just last week, Googling the popular and free photo editing tool GIMP, widely seen as a reputable open-source alternative to Adobe Photoshop, would serve up fake ads that would take you to a fake version of the GIMP homepage.

Once the victims land on the fake homepage, they are shown a fake Download button that will install malware onto their computers and cause a wide variety of security issues and problems.

What is interesting to note is the innovative ways the scammers have been able to bypass the security features of the Google ad network, one of which was bulking out the malware file to 700 MB so that it more closely resembles the true size of the real file.

The main problem here is that the scammers have been able to serve up a malicious site that very naturally points you to a malicious download in one of the most common internet settings, the results of a Google search. Here, you are highly likely to just thoughtlessly go through the motions and download the file, but there are key aspects to look out for that could give away the dangerous nature of the site you are on and the file you are about to download.

In this case, the actual URL of the fake site is gilimp.org, which differs from the real address, gimp.org. It even sounds strange when you read it, which is a real red flag. The other red flag in this instance is the download domain, gimp.monster. Again, this domain is fake, the giveaway being that it uses a .monster domain instead of a .org domain. Scammers will often try to trick users by serving up a fake root domain.
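The two checks described above can be automated. The following is an added example, not part of the original article: it compares a URL's domain against an allowlist of official domains and flags near-miss spellings and the brand name on another TLD. The allowlist, function names, distance threshold and URL paths are assumptions, and the last-two-labels domain extraction is naive (it ignores suffixes such as co.uk).

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official domains; gimp.org is the real address named in the article.
OFFICIAL = {"gimp.org"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable(url):
    """Naive registrable domain: the last two labels of the hostname."""
    target = url if "//" in url else "//" + url  # accept bare hostnames too
    host = (urlsplit(target).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(url, official=OFFICIAL, max_dist=2):
    """Return 'official', 'brand-on-other-tld', 'lookalike-name' or 'unrelated'.

    A heuristic for flagging links for review, not a verdict: short brand
    names produce false positives at this distance threshold.
    """
    dom = registrable(url)
    if dom in official:
        return "official"
    name, _, _tld = dom.rpartition(".")
    for good in official:
        good_name = good.rpartition(".")[0]
        if name == good_name:
            return "brand-on-other-tld"   # e.g. the brand under .monster instead of .org
        if 0 < edit_distance(name, good_name) <= max_dist:
            return "lookalike-name"       # e.g. extra letters added to the brand
    return "unrelated"

if __name__ == "__main__":
    # Domains are the ones named in the article; the paths are constructed.
    for u in ("https://www.gimp.org/downloads/", "https://gilimp.org/",
              "https://gimp.monster/download", "https://example.com/"):
        print(f"{u:35} {classify(u)}")
```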

To learn more about these two detection methods as well as a wide variety of other red flags to look out for, check out our phishing scam detection infographic.

Image via: BleepingComputer

Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.