Google gamed into advertising a malicious version of Authenticator
Infosec in brief Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software.
A team at security shop Malwarebytes spotted the adverts, which appear to come from a Google approved domain – and from a verified user – earlier this week. They even list the domain for the download as coming from google.com, as you can see below, even though it defaults to a GitHub download.
After clicking on the advert, users are redirected a number of times before landing on chromeweb-authenticators.com, hosting the fake app for download. Hosting the code on GitHub gives it an extra air of authenticity. While attribution is impossible, some of the code on the site is written in Russian.
"Some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well," reported Jérôme Segura, principal threat researcher at Malwarebytes.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25831586/STKB310_REDNOTE_XIAOHONGSHU_B.jpg)
