Cybercriminals have reportedly managed to trick one other Google service into delivering malicious apps to unsuspecting customers.
Their newest goal is the Google Alerts service, which researchers have discovered has been abused to push faux updates of the now-discontinued Adobe Flash Participant.
The newest marketing campaign provides to the rising listing of Google companies which have been repeatedly abused in novel ways by risk actors for malicious functions.
On this newest occasion, unscrupulous components first create faux tales with titles that comprise standard key phrases with the intention to get the eye of the search engine’s bots.
As soon as these faux tales have been listed, the Google Alerts service will push them to the inbox of oldsters who’ve arrange alerts to trace these key phrases.
Trusting them to be reputable, since they’re beneficial by a Google service, when clicked the faux tales then redirect to a malicious website, which promotes all types of doubtless undesirable applications (PUPs).
BleepingComputer lately noticed one such marketing campaign that used the faux Google Alert story to as a substitute push a notification that means customers to put in an app to purportedly replace their out-of-date Flash participant. Not surprisingly, the app then promotes numerous PUPs.
That is simply one of many latest examples of tricksters exploiting the belief of Google companies for malicious functions. Prior to now, risk actors have abused Google Types and Google Sheets for malware command-and-control communications. Safety researchers lately found an internet skimming operation that leveraged the status of Google’s Apps Script area.
By way of: BleepingComputer