Web surfers might end up paying for Google ads

Feb 07 2023


We are the Chipotle of newsletters… served fast with great content

Today’s hottest cyber security stories:

  • Sweet Chrome MALabama: ‘MalVirt’ subverts Google Ads
  • US Ambassador for Cybersecurity… Gets hacked!
  • Tinker Tailor Soldier Spyware: Microsoft falls prey to ‘cyberespionage’


There’s no place like Chrome, huh? We’re not so sure after reading about the latest onslaught of phishing taking place on Google Ads.

To be clear, the more discerning web surfer has always known to exercise caution when downloading popular software via a Google search. It’s easy to fall hook, line, and sinker (sorry) for a classic phishing scam.

However, the amount of malvertising that’s been taking place on Google Ads in the last few days would have Don Draper reaching for his bourbon before breakfast!

“Over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malwares being utilized”, said Spamhaus. “This is not ‘the norm’.”

Spamhaus is a (self-proclaimed) international threat intelligence organization, providing highly-trusted real-time actionable data on spam, phishing, botnets and malware sources. They’re well respected within the cybersecurity sphere.

Usual Suspects:

  • MalVirt
  • AuroraStealer
  • IcedID
  • Meta Stealer
  • RedLine Stealer
  • Vidar
  • Formbook
  • XLoader
  • Keyser Soze (Just kidding!!)

What to watch out for…

So, a good rule of thumb when choosing which link to click on is to always read the URL very carefully…

Here’s a real-world example of what to watch out for. Last Thursday (when this was first identified and exposed), if you did a Google search for ‘visual studio download’ (a popular software), the top result was a Google Ad with the URL: “downloadstudio.net”.

After clicking that Google-sponsored link and landing on the site, unsuspecting punters were offered a legitimate looking download which was in fact malicious. Sneaky, huh?

Searches for other software, including Thunderbird, MSI Afterburner, and Audacity, returned similarly sinister results.

So, stay safe out there, kids, and always remember to read the URL carefully before clicking!

Just think: URL – Ulways Read Link!
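“Reading the URL carefully” can be done mechanically: parse out the real hostname and compare it with the vendor’s own domain. The sketch below is an added example, not part of the original newsletter; the allowlist of official domains and the look-alike sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of vendor download domains (illustrative, not from the article).
OFFICIAL_DOMAINS = {
    "visual studio": {"visualstudio.microsoft.com"},
    "thunderbird": {"thunderbird.net"},
    "msi afterburner": {"msi.com"},
    "audacity": {"audacityteam.org"},
}

def hostname_of(url):
    """Return the lowercase host a browser would actually connect to."""
    if "://" not in url:
        url = "https://" + url          # ad results often show a bare domain
    host = urlsplit(url).hostname or ""  # drops any user@ prefix and the port
    return host.rstrip(".").lower()

def is_official(product, url):
    """True only if the host is the vendor domain or a subdomain of it."""
    host = hostname_of(url)
    for domain in OFFICIAL_DOMAINS.get(product.lower(), ()):
        if host == domain or host.endswith("." + domain):
            return True
    return False

# Constructed samples: the ad domain named in the article plus two
# look-alike shapes that put the real brand somewhere other than the host.
SAMPLES = [
    ("visual studio", "downloadstudio.net"),
    ("visual studio", "https://visualstudio.microsoft.com/downloads/"),
    ("visual studio", "https://visualstudio.microsoft.com@downloadstudio.net/"),
    ("visual studio", "https://visualstudio.microsoft.com.downloadstudio.net/"),
    ("audacity", "https://www.audacityteam.org/download/"),
]

def review(samples=SAMPLES):
    """Return (url, verdict) pairs for each sample."""
    return [(u, "official" if is_official(p, u) else "NOT official")
            for p, u in samples]

if __name__ == "__main__":
    for url, verdict in review():
        print(f"{verdict:13} {url}")
```

Only the second and last samples pass; the brand name appearing before an `@` or as a leading label does not change which host serves the download.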


Here’s a funny one. So, over the weekend Nate Fick’s personal Twitter account got hacked…

I know what you’re thinking, who the Fick is that? Well, none other than the inaugural US ambassador at large for Cyberspace and Digital Policy.

Fick broke the story himself and appeared to have a sense of humour about the ordeal when he tweeted: “My account has been hacked. Perils of the job…”

For Ficksake!

One fellow Twitter user failed to see the funny side, retorting: “Perils of the job”? What about “duties of the job”?

I mean, it is a little surprising that the inaugural US ambassador at large for Cyberspace and Digital Policy (wow, what a mouthful!) apparently hasn’t heard of Two Factor Authentication. Get with the times, Nate!

Fick was sworn into office last September, and serves as the first-ever cyberspace ambassador at the State Department’s first Bureau of Cyberspace and Digital Policy, which launched in April 2022.

The bureau is tasked with (get this!) addressing “national security challenges, economic opportunities, and values considerations presented by cyberspace, digital technologies, and digital policy.”

Yeah… best of luck with that!


Microsoft has won a recent battle (but maybe not the war!) in its ongoing fight against malicious apps looking to access users’ calendars and meeting information, modify permissions, and ultimately, invade company intranets and wreak havoc.

This is a growing phenomenon known as… Cyberespionage!

We’ve said it before and we’ll say it again: there’s no terminology like cybersecurity terminology!

Specifically, Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations’ cloud environments.

Cyber security firm Proofpoint said: “We have implemented several additional security measures to improve the MCPP vetting process and decrease the risk of similar fraudulent behavior in the future.”

Don’t sign your life away!

Indeed, as Microsoft said: “Consent phishing is an ongoing, industry-wide issue and we’re continuously monitoring for new attack patterns.”

Two of the apps were named “Single Sign On (SSO),” and the third one was called “Meeting,” requesting access to the following permissions:

  • Read your mail
  • Maintain access to data you have given it access to
  • Read your mailbox settings
  • Sign you in and read your profile
  • Send mail as you
  • Read your calendars
  • Read your online meetings

So, be careful what you say yes to. It’s not like Apple terms and conditions – don’t just blindly click ‘Agree’!
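For admins, the same caution can be applied to grants that already exist. The sketch below is an added example, not from the newsletter or from Microsoft: it maps the consent wording listed above to Microsoft Graph delegated scope names and flags grants that pair mailbox or calendar access with `offline_access`. The record layout (a space-separated `scope` string plus an `appDisplayName` field) and the two "Example" apps are assumptions.

```python
# Graph delegated scope -> consent-screen wording quoted in the article.
# (The scope names are an added mapping, not taken from the newsletter.)
CONSENT_TEXT = {
    "Mail.Read": "Read your mail",
    "offline_access": "Maintain access to data you have given it access to",
    "MailboxSettings.Read": "Read your mailbox settings",
    "User.Read": "Sign you in and read your profile",
    "Mail.Send": "Send mail as you",
    "Calendars.Read": "Read your calendars",
    "OnlineMeetings.Read": "Read your online meetings",
}
# Scopes that expose mailbox, calendar or meeting content.
SENSITIVE = set(CONSENT_TEXT) - {"offline_access", "User.Read"}

def assess(grant):
    """Classify one delegated grant; 'scope' is a space-separated string."""
    scopes = set(grant["scope"].split())
    sensitive = sorted(scopes & SENSITIVE)
    persistent = "offline_access" in scopes  # refresh tokens outlive the session
    if persistent and "Mail.Send" in scopes:
        level = "high"      # app can keep sending mail as the user
    elif persistent and sensitive:
        level = "review"    # long-lived read access to mail/calendar data
    else:
        level = "ok"
    return {"app": grant["appDisplayName"], "level": level, "sensitive": sensitive}

def flag_grants(grants):
    """Return assessments for every grant that is not 'ok'."""
    return [a for a in map(assess, grants) if a["level"] != "ok"]

# Constructed sample records (not real tenant data).
SAMPLE_GRANTS = [
    {"appDisplayName": "Meeting", "scope": " ".join(CONSENT_TEXT)},
    {"appDisplayName": "Example Wiki", "scope": "openid profile User.Read"},
    {"appDisplayName": "Example Scheduler",
     "scope": "User.Read Calendars.Read offline_access"},
]

if __name__ == "__main__":
    for a in flag_grants(SAMPLE_GRANTS):
        wording = "; ".join(CONSENT_TEXT[s] for s in a["sensitive"])
        print(a["level"].upper().ljust(6), a["app"] + ":", wording)
```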

So long and thanks for reading all the phish!
