Hackers are setting up fake websites for free, open-source software to promote malicious downloads through advertisements that appear in Google search results, the website said.
It cited the case of crypto influencer Alex, also known as "NFT God", who was recently hacked after launching a fake executable for the open broadcaster software that allows video recording and live streaming, which he had downloaded from an advertisement that appeared in Google search results.
Alex was likely attacked by information-stealing malware targeting saved browser passwords, cookies, and cryptocurrency wallets.
According to BleepingComputer, he soon found that his account at the OpenSea NFT marketplace had also been compromised and that a different wallet was listed as the owner of one of his digital assets.
BleepingComputer listed 10 popular programs that users should double check before clicking on the download links that appear in Google searches:
The website advises that the latest antivirus software, either free or paid, be installed and updated on any device before downloading from sites users are unsure of.
Furthermore, using ad-blockers, which are available as extensions in most web browsers, can decrease the risk of accidentally clicking on sponsored links, as they stop advertisements from being loaded and displayed on a web page, including search results.
BleepingComputer has submitted their findings to Google, who responded by removing the reported malicious ads in accordance with the company’s policy on brand impersonation prevention.
Source: BleepingComputer