© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

Cybercriminals deploy ads for fake Google Authenticator app


Hackers and cybercriminals are currently pushing ads to push people to download a fake Google Authenticator app. Instead, the ads contain a download link that installs infostealing malware called DeerStealer.

Cybercriminals publishing fake ads to spread malware: Google’s advertising platform has been misused for years to impersonate well-known software in order to trick gullible people to download malware.

Cybersecurity firm Malwarebytes has discovered a new campaign in which threat actors try to persuade innocent people into downloading malware or losing their data to phishing sites. This time however, it’s Google targeting itself.

The ad for Google Authenticator convincingly impersonates Google: the click URL refers to Google’s official site. It’s a very effective URL cloaking strategy.

However, if you look at the details of the advertiser, it’s not Google’s name that pops up. Instead you’ll see a made up name of a person that’s not affiliated with Google. Most likely it’s a fake account.

Through a series of redirections users will land on a page where they can download the file ‘Authenticator.exe’, which is hosted on GitHub. As mentioned before, this is not the executable for the real Google Authenticator app.

When the download is executed, it will launch infostealing malware called DeerStealer. Once active, the malicious software steals login credentials, cookies and other information stored in users’ web browsers.

“Threat actors have been abusing Google ads as a way to trick users into visiting phishing and malware sites. Since the whole premise of these attacks relies on social engineering, it is absolutely critical to properly distinguish real advertisers from fake ones,” Malwarebytes concludes.

When contacted by BleepingComputer, Google said it blocked the false advertiser that was reported by Malwarebytes. When asked how threat actors can impersonate legitimate companies, Google said they create thousands of fake accounts simultaneously and use text manipulation and cloaking to show reviewers and automated systems different websites that regular visitors would see.

Google emphasizes it has detected and removed 3.4 billion fake ads, restricted 5.7 billion ads and suspended over 5.6 million advertiser accounts in 2023.


Leave a Reply

Your email address will not be published. Required fields are marked