Hackers Use Google Ads to Target New Victims

Information has surfaced on a malicious advertising campaign that uses Google Ads to send next-stage payloads to bogus landing sites and mislead customers looking for popular software.

The behavior was revealed by Malwarebytes, which described it as “unique in its way to fingerprint users and distribute time-sensitive payloads.”

The attack targets users who are looking for PDF converters and Notepad++ in particular, serving fake advertisements on the Google search results page that, when clicked, filter out bots and other unwanted IP addresses by displaying a spoof website.

whether the threat actor finds the visitor interesting, the victim is surreptitiously fingerprinting the system to find out whether the request is coming from a virtual machine and is then sent to a clone website that advertises the program.

In the meanwhile, a possible target is given a unique ID for “tracking purposes but also to make each download unique and time sensitive.” Users that pass the verification process are sent to the official Notepad++ website.