Malicious search results and fake Google adverts are being used by threat actors to deceive people into installing malware when they intend to download safe applications like WinSCP. Securonix, a cybersecurity organisation, is monitoring the activities under the handle SEO#LURKER.
Security experts Den Iuzvyk, Tim Peck, and Oleg Kolesnikov stated in a study shared with The Hacker News that “the malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the user to an attacker-controlled phishing site.” It is thought that the threat actors use Google’s Dynamic Search Ads (DSAs), which display malicious ads that direct victims to the compromised website by automatically generating adverts based on the content of a website.