Crimeware

Google Malvertising

By now, we have all used Google’s search engine enough to know that the top-ranking pages are the most popular pages: “top-ranking” does not necessarily ensure the most accurate or even the most pertinent information. This is because search engines operate from an algorithm that assesses which content is the most optimal for your search (hence, search engine optimization). Furthermore, these pages are also interspersed with ads related to the initial search; this means that, at nearly every level, you are receiving suggestions to pages that look and feel as though they are related to your question. 
 
In the past few months, bad actors have taken advantage of users’ propensity to click on this advertising to introduce malvertising (malicious advertising). By utilizing ads to gain access to the top of Google’s search results, these malicious actors can present their attacks in the form of inconspicuous-looking websites that are nevertheless designed to trick users into downloading pernicious programs. Additionally, these attacks are only growing more sophisticated as malware-as-a-service is increasingly sold at relatively low prices—this allows bad actors who previously were unable to engage in hacking to steal your personal information. What is more, these attacks show no signs of slowing down. 
 
One way Google could help stop the spread of this malware is by refusing to approve ads that link to new domains. Facebook, for example, does not allow new accounts within a certain timeframe to post into groups to limit the amount of spam on its platform. Google could do something similar as the immediate use of newly registered domains is often associated with high-risk activity. However, in lieu of a comprehensive response from Google, users need to take steps to ensure their own safety. 
 
The easiest way to avoid security concerns is always by practicing an extreme form of caution: do not click on any ads listed at the top of your Google searches—and especially ads to any companies with which you are unfamiliar. Make sure you are employing up-to-date antivirus protection software in case you do accidentally click on a threat posing as a harmless ad. And remember to choose complex passwords and employ two-factor identification when possible.