Davey is a four-decade veteran technology journalist and contributing editor at PC Pro magazine, a position he has held since the first issue was published in 1994. You can follow Davey on Mastodon, Twitter/X and most social networks as happygeek. Davey has spent more than 30 years as a freelance technology journalist.
What if I told you that looking for the official Google Authenticator app on Google search could lead you to a fake version that steals your data instead of providing 2FA security codes? Jérôme Segura, principal threat researcher at Malwarebytes , has warned that “if you were trying to download the popular Google Authenticator via a Google search in the past few days, you may have inadvertently installed malware on your computer.
The Malwarebytes threat researchers said that at the heart of the issue with the fake Google Authenticator incident is the adverts being served by Google. During a Google search for the Google Authenticator they “appear as if they were from official sources and advertisers’ identities verified by Google.” Security professionals are quick to suggest that people should never trust and always verify, the so-called zero trust defense, but when an advert displays www.google.
“We have seen this very effective URL cloaking strategy in past malvertising campaigns,” Segura said, “including for KeePass, Arc browser, YouTube, and Amazon. Still, Google continues to fail to detect when these imposter ads are created.”that victims of the hacking campaign would see what appeared to be a genuine Google Authenticator download site. They also found evidence of the threat actors using a number of different fake domains to fool visitors.
By examining the fake site’s source code, the Malwarebytes researchers determined that the malicious code, purporting to be Google Authenticator and with the name Authenticator.exe, was hosted on GitHub, which adds another layer of trust to the whole threat equation. Comments from the code author were in Russian, although it’s impossible to determine attribution at this stage correctly.
“Since the whole premise of these attacks relies on social engineering, it is absolutely critical to properly distinguish real advertisers from fake ones,” Segura warned, “as we saw in this case, some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well.
Google Authenticator Google 2FA Google Ads Google Search Google 2FA App Attack Google Security Malwarebytes Deerstealer Malware Fake Google 2FA App
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Paris Olympics Security Warning—Russian Hackers Threaten 2024 GamesDavey is a four-decade veteran technology journalist and contributing editor at PC Pro magazine, a position he has held since the first issue was published in 1994. You can follow Davey on Mastodon, Twitter/X and most social networks as happygeek. Davey has spent more than 30 years as a freelance technology journalist.
Read more »
Eight Nations Issue Warning About Speed Of Chinese Hackers' OperationsI've been writing about technology for most of my adult life, focusing mainly on legal and regulatory issues. I write for a wide range of publications: credits include the Times, Daily Telegraph and Financial Times newspapers, as well as BBC radio and numerous technology titles.
Read more »
Drinking Water Warning Issued for City in MichiganResidents in Sylvan Township were advised not to drink tap water after a 'security breach' at the local water treatment plant Monday morning.
Read more »
Migrant Warning Issued as Bodies Found Near US BorderPeople have been warned of the risks of attempting border crossings amid scorching summer temperatures.
Read more »
Chicken Recall Nationwide as Warning Issued to CustomersThe imported products were found to contain bacteria that can cause food poisoning.
Read more »
Hurricane Warning Issued for Texas As Beryl ApproachesThe weather system is forecast to regain hurricane status and make landfall on the coast of Texas.
Read more »