A new type of malvertising campaign that leverages Google ads has been found distributing malware. One such incident has been cited through Google ads served on the popular news site: The New York Times.
How does it work?
Discovered by SlashNext, the Google ads look genuine at first sight. It promotes the download of an Online PDF converter.
Clicking on the ad takes visitors to a nice-looking page that includes more information about the product. The page also includes a prominent green button that asks the viewers to ‘Download to Continue’.
Once the app has been downloaded, users are redirected to a special phishing page that conducts user behavior monitoring by hijacking the browser and the search functionality.
The app also silently runs unsecured malicious third-party content within a browser.