Malwarebytes Labs researchers have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor.
Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself. Today, Malwarebytes Labs show yet another example of brand misuse, except that this one targets Google itself. If you were trying to download the popular Google Authenticator (a multi-factor authentication program) via a Google search in the past few days, you may have inadvertently installed malware on your computer.
Read more…
Source: Malwarebytes Labs
Related:
- Host-based logs, container-based threats: How to tell where an attack began
June 3, 2025
Although containers provide an isolated runtime environment for applications, this isolation is often overestimated. While containers encapsulate dependencies and ensure consistency, the fact that they share the host system’s kernel introduces security risks. Based on Kaspersky security researchers experience providing Compromise Assessment, SOC Consulting, and Incident Response services to Kaspersky customers, the researchers have repeatedly seen ...
- Google Releases Security Updates for Chrome
June 3, 2025
Google has released version 137.0.7151.68/.69 for Chrome for Windows and Mac and 137.0.7151.68 for Chrome for Linux which will roll out over the coming days/weeks. The updates address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-5419 has a CVSSv3 score of 8.8 and is an “out of bounds read and write” vulnerability in V8 ...
- Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
June 2, 2025
Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com. According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities for scammers. The first signs of the campaign showed up mid-May and ...
- Key Linux systems may have security flaws which allow password theft
June 2, 2025
Cybersecurity researchers from Qualys have discovered two information disclosure vulnerabilities plaguing different Linux distros. The flaws, both of which are race condition bugs, allow threat actors to gain access to sensitive information. The first one is found in Ubuntu’s core dump-handler, Apport, and is tracked as CVE-2025-5054. The second one is found in the default core-dump ...
- Vanta bug exposed customers’ data to other customers
June 2, 2025
Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was a result of a product code change and not caused by an intrusion. Vanta, which helps corporate customers automate their security and compliance processes, said it ...
- Cartier confirms data breach, warns customers of potential targeted attacks
June 2, 2025
Cartier, the famous jewellery and watchmaker, is owned by Richemont, a Swiss-based luxury conglomerate has notified customers of a data breach that exposed limited personal information following a security lapse in its systems. The brand said the breach was swiftly contained and emphasised that no financial or sensitive login data was compromised. In a letter sent ...