Another month, another thing to add to the list of threats to be aware of when browsing around online. This time, researchers have found a greatly increased prevalence of what is being called "MalVirts" when searching for popular software downloads using Google.
As you are no doubt aware, when you search for most things on Google, the first few results it returns are not what it thinks are the best results for your search, but the results for the people that have paid the most to advertise on that search term. These results will be marked as "Sponsored" or "Ads" with varying degrees of obviousness depending on how Google is deciding to highlight these on any given week.
There has always been some degree of abuse of this method to try and get people to visit websites loaded with malware. However, according to researchers at Spamhaus, there has been "a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’"
Software like Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, and Thunderbird was being targetted, but this will by no means be a definitive list, and will likely be changing by the hour as the scam sites are discovered and others pop up in their place. The domain names for these sites will often be fashioned to look convincing and relevant to your search.
They're using the fact that the site looks "trusted" because Google has put it at the top of its results to try and reduce your guard once you're on them. However, all the usual threats apply once you're there. The site itself could be laced with malware. Any data you enter could be stolen. Most likely in these cases as they're targetting software downloads is that the download itself will contain a virus that will infect your device when you run it.
Google is trying to get a grip on this problem, although no doubt balancing that with the fact they make a lot of money from these ads, so they won't want to clamp down so hard that they start banning genuine websites. Researchers have suggested that they could use the age of the domain name as an indicator that a site may be dodgy. As these sites are invariably identified as malicious quite quickly, the domains are usually very new and then abandoned as soon as they've served their purpose.
While this battle rages, we should all ensure we're alert to this threat. The simplest thing to do in these cases is to just scroll past anything that has been marked as an ad or sponsored, no matter how genuine the link looks. Instead, go to the first real or "organic" result. Also worth noting here is that this problem is unlikely to be exclusive to Google, although scammers will focus their attention here as it's currently where they'll get the highest hit rate. Regardless of the search engine you use, add this to your list of things to worry about!