Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to allow Google Search to index the content.
Google Alerts is a content change detection and notification service, it sends emails to the user when it finds new results (i.e. web pages, newspaper articles, blogs, or scientific research) that match the user’s search term(s).
Upon indexing the content, Google Alerts will alert people who are searching those specific terms.
Clicking on the links sent by Google Alerts related to the matches in the fake stories, users are redirected to malicious sites under the control of the threat actors the threat actor’s malicious site.
However, experts pointed out that visiting the URL of the fake stories directly, the website will state that the page does not exist.
Bleeping computer experts observed multiple campaigns abusing the Google notification service.
“This weekend, BleepingComputer observed the fake news stories redirecting to a new campaign that states your Flash Player is outdated and then prompts you to install an updater.” states BleepingComputer.
Once Clicked the ‘Update’ button, the victim will download a setup.msi file that installs a potentially unwanted program called ‘One Updater.’
Even if “One Updater” is not a malware, we cannot exclude that this technique could be used by threat actors to deliver and execute malicious payloads in future attacks.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Google Alerts)