
Malvertising never goes away—it just changes tactics.

Clicking on a Google ad can be like gambling, except that there are no winners in the game. Land on a legitimate website, and you’ve fed the algorithm info about what ads to keep serving you. End up on a malicious webpage, and well, you may have exposed your PC to danger…especially if you downloaded software from the phony site.

We’ve issued this warning before, like when owners of AMD Radeon graphics cards were targets, or when the crosshairs moved over to Bitwarden users. Now Malwarebytes, the well-known maker of anti-malware software, is reminding all of us once more to keep avoiding ads in search results. As reported by Bleeping Computer, the company has spotted a new trend in bad ads: using Unicode characters to make fake web addresses look identical to real ones.

Called “homograph attacks,” this tactic has been around for a while. What’s newer is its use in Google ads. Malwarebytes spotted this approach in a sponsored ad for KeePass, a free password manager. KeePass is typically used by geekier tech enthusiasts, so its audience is savvy and usually picks up on clues that a link could be suspect. But for this particular sponsored ad, the URL shown in the search result looks just like the real address, with no other indicator that the site is fraudulent.

Malwarebytes spotted this fake Google ad for KeePass—which has a URL that looks just like the real website.

Malwarebytes

If you were in a hurry and clicked the link, you could miss the deception. The sham website looks exactly the same as the real deal, except its software download is laced with malware. The only tip-off is the address bar, which uses the Unicode character “ķ” (a k with a cedilla) in place of the letter “k”. It’s a subtle difference, and one easily overlooked, because the browser renders the lookalike glyph while the domain that actually resolves is an encoded “xn--” name that shares nothing but appearance with the genuine one.
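The check a practitioner would want here is to look at the hostname the way the resolver does rather than the way the browser paints it. The Python below is an added example, not code from the article, Malwarebytes or KeePass: it converts a displayed hostname to its punycode (xn--) form, flags any name whose displayed and resolved forms differ, and folds the displayed name down to an ASCII “skeleton” (NFKD decomposition with combining marks dropped, plus a tiny hand-built table of Cyrillic look-alikes) to compare against a list of genuine domains. The allowlist, the sample hostnames and the confusables table are all constructed for the example; the genuine KeePass domain keepass.info is the only real name in it.

```python
"""Homograph check for hostnames: punycode form, non-ASCII labels, and an
accent-stripped, confusable-folded "skeleton" compared against known domains.
Added example; not code from the article or from any project it mentions."""
import unicodedata

# Hypothetical allowlist of genuine download domains (constructed for this example).
KNOWN_DOMAINS = {"keepass.info", "bitwarden.com"}

# A small hand-picked subset of Cyrillic letters that render like Latin ones.
# Unicode's full confusables.txt is far larger; this table is illustrative only.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}


def to_punycode(host: str) -> str:
    """ASCII-compatible form the resolver sees, e.g. 'xn--eepass-vbb.info'."""
    return host.lower().encode("idna").decode("ascii")


def skeleton(host: str) -> str:
    """Fold the hostname to the ASCII string it is trying to look like.

    NFKD splits 'ķ' (U+0137) into 'k' + COMBINING CEDILLA (U+0327); dropping
    the combining marks leaves plain 'k'. Cyrillic look-alikes do not
    decompose, so they are mapped through CONFUSABLES instead.
    """
    decomposed = unicodedata.normalize("NFKD", host.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in decomposed
                   if not unicodedata.combining(ch))


def check_host(host: str) -> dict:
    """Classify a displayed hostname.

    verdict is one of:
      'ok'        - plain ASCII and on the allowlist
      'lookalike' - non-ASCII, and its skeleton is an allowlisted domain
      'idn'       - non-ASCII, not imitating any domain we know
      'unknown'   - plain ASCII but not on the allowlist
    """
    display = host.lower()
    ascii_form = to_punycode(display)
    is_idn = ascii_form != display        # any xn-- label makes these differ
    skel = skeleton(display)
    if not is_idn:
        verdict = "ok" if display in KNOWN_DOMAINS else "unknown"
    elif skel in KNOWN_DOMAINS:
        verdict = "lookalike"
    else:
        verdict = "idn"
    return {"display": display, "punycode": ascii_form,
            "skeleton": skel, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample hostnames: the genuine KeePass domain, the same name
    # with 'ķ' in place of 'k', a Cyrillic-e variant, and a legitimate IDN.
    for sample in ("keepass.info", "\u0137eepass.info",
                   "k\u0435epass.info", "m\u00fcnchen.de"):
        r = check_host(sample)
        print(f"{r['display']:<16} {r['punycode']:<24} {r['verdict']}")
```

The skeleton step is what matters for the KeePass case: a mixed-script heuristic would not fire, because “ķ” is a Latin letter, which is exactly why browsers are willing to display it. Only the decomposition (or the punycode form) exposes that the name is not keepass.info.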

You can get full technical details of how this malvertising trick works in Bleeping Computer’s rundown, but the main takeaway is the same as before: Don’t click Google ads for software downloads. That may sound easier said than done, what with the sponsored ones appearing at the top of search results, but it’s doable if you try these tips:

  • Scroll down the list of results. Legitimate companies reappear as normal, unsponsored search results, often within the top five. Use the link that’s further down the page.
  • Check for a “Sponsored” or ad label.
  • Slow down. Take an extra few seconds to look over your search results.
  • If you can’t see the full URL, hover over the link and the real destination appears in the status bar at the bottom-left of the browser window.
  • Use antivirus or anti-malware software that blocks known phony sites before they load.

Click on the link for the second listing, not the sponsored one above it.

The nuclear option, of course, is to use an ad-blocking extension for your browser, like uBlock Origin. Unfortunately, you can’t escape the evolving attempts to compromise your PC simply by switching search engines: Microsoft Bing has had similar issues. The best you can do is keep as much distance as possible between yourself and bad links, and report them if you see any.