Hackers are using Google Alerts to help spread malware
Fake news gives rise to fake alerts that install phony Adobe Flash updates
Cyber criminals have targeted the Google Alerts service, which they have used to push fake updates to the now-defunct Adobe Flash Player. According to reports, hackers have created fake news stories with titles containing popular keywords that Google’s search engine then indexes. When this happens, Google Alerts pushes out notifications to people who follow these keywords.
Since these “stories” come via Google Alerts, hackers hope victims will think the alert is legitimate and will click on the fake story. Doing so leads victims to a malicious site that pushes browser notification spam, unwanted extensions, or fake giveaways.
The latest attack redirects users to a page that states the user’s Flash Player is outdated and needs to be updated. Adobe no longer supports or updates Flash Player, but many victims may not realize this and click on the update button. Microsoft killed Adobe Flash support in its web browsers last January, around the same time as Google, Apple, and Mozilla.
If the victim accepts the update, the page downloads a file that installs a potentially unwanted program called One Updater. This in itself offers to install other potentially unwanted programs.
Google Alerts users have been advised that if they’re redirected to such websites and are prompted to install an extension or program update to close the browser window immediately.
Javvad Malik, security awareness advocate at KnowBe4, told IT Pro that by manipulating Google Alerts, cyber criminals are finding ingenious ways to get into users' inboxes, as email gateways and spam filters won’t block alerts.
"Once in the user's inbox, there is a high likelihood that users will click on the link because the alerts are something they expect and trust,” he said.
“It's why users should keep their guard up even with trusted or expected links and if they end up on a page where there are unwanted pop-ups or downloads, they should immediately close the browser window and alert their IT security team to ensure no malicious software has been downloaded."
Four strategies for building a hybrid workplace that works
All indications are that the future of work is hybrid, if it's not here alreadyFree webinar
The digital marketer’s guide to contextual insights and trends
How to use contextual intelligence to uncover new insights and inform strategiesFree Download
Ransomware and Microsoft 365 for business
What you need to know about reducing ransomware riskFree Download
Building a modern strategy for analytics and machine learning success
Turning into business valueFree Download