
Clicking on sponsored results in a Google search can lead to a trojan infection and other scams. In the latest campaign, cybercriminals are impersonating DeepSeek, a popular artificial intelligence model, Malwarebytes researchers warn.
A new malvertising campaign has been spotted targeting unsuspecting Google searchers. Hackers are trying to exploit DeepSeek’s rising popularity by setting traps among sponsored search results.
“We are getting so used to sponsored Google search results being abused by criminals that we advise people not to click on them,” Malwarebytes Labs wrote in an advisory.
The new fake ads promote “Accurate Search in Seconds” and an “Intelligent Search Engine.” However, they use a domain that does not belong to DeepSeek, deepseek-ai-soft[.]com, which leads to a malicious website.
A side-by-side comparison with the real DeepSeek search results reveals an easy-to-spot difference. However, without the comparison, unsuspecting searchers are not likely to distinguish a fake ad from a real vendor.
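Defenders can look for the same lookalike pattern in web proxy or DNS logs. The following is an added example, not code from Malwarebytes or from the original article: it flags hosts that contain a brand name but are not under a domain the brand owns. The allowlist entry `deepseek.com`, the log format, and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains the brand owner actually controls.
OFFICIAL = {"deepseek": {"deepseek.com"}}

# Constructed sample proxy log: "<timestamp> <client> <url>".
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 https://chat.deepseek.com/
2025-01-01T10:00:07Z 10.0.0.8 hxxps://deepseek-ai-soft[.]com/download
2025-01-01T10:00:09Z 10.0.0.8 https://deepseek.com.login.example/
2025-01-01T10:00:12Z 10.0.0.9 https://www.example.org/
"""

def host_of(value):
    """Return the lowercase hostname of a URL or bare (possibly defanged) host."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:                # malformed netloc
        return ""
    return host.rstrip(".").lower()

def is_official(host, domains):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def lookalike_brand(value):
    """Return the brand a host imitates, or None if it looks unrelated or official."""
    host = host_of(value)
    squashed = re.sub(r"[^a-z0-9]", "", host)   # "deep-seek" still matches
    for brand, domains in OFFICIAL.items():
        if brand in squashed and not is_official(host, domains):
            return brand
    return None

def scan(log_text):
    """Return (client, host, brand) for every log line hitting a lookalike host."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and (brand := lookalike_brand(parts[2])):
            hits.append((parts[1], host_of(parts[2]), brand))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The suffix check matters: a host that merely starts with `deepseek.com` is still flagged, while genuine subdomains of the allowlisted domain are not.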

The malicious landing page looks very convincing.
Attackers “certainly put a lot more effort into creating the fake website which the advertisement linked to,” the researchers said.
The page contains a download button that, when clicked, downloads a Trojan programmed in Microsoft Intermediate Language.
Malwarebytes warns that Google is unable to keep fake ads off its platforms, and criminals achieve a profitable enough success rate to keep paying Google and outrank legitimate brands at the top of search results.
Over the past year, Cybernews has reported on hackers impersonating Facebook. Fake ads appeared at the top of the search results, leading to scams.
Google itself has been impersonated many times. Malicious Google Authenticator ads tricked users into downloading a fake Authenticator app. Hackers even attempted to profit from fake ads impersonating the company’s own advertising platform Google Ads, which they used to place the fake ads.
Other impersonated brands include Amazon, Microsoft, and utility software such as Slack, Notion, Calendly, Odoo, Basecamp, the KeePass password manager, Bandicam Recorder, and others.
“So, our first tip is not to click on sponsored search results. Ever,” Malwarebytes said.
“The second tip is to look at the advertiser by clicking the three dots behind the URL in the search result and look whether the advertiser listed is the legitimate owner of the brand or not.”
Even if the advertiser appears to be “verified by Google,” that doesn’t mean you’re safe – hackers use compromised advertising accounts to place their traps.
Using an adblocker is suggested to avoid seeing sponsored ads altogether.