This is a situation you may have never thought you’d have to worry about: Google taking money from hackers, then passing the malware along to you.
Of course Google wasn’t aware it was passing this malware on knowingly. But hackers were able to spread a malicious banking trojan by buying keywords on Google’s Adsense service.
Once users clicked on the ad and downloaded the advertisement, it downloaded banking fraud malware to their devices, exploiting a zero-day flaw in Chrome.
Mostly surviving abroad
The malware has been downloaded to more than 318,000 devices according to Kaspersky. The good news (depending where you’re reading this article) is that more than 97% of those downloads came not in North America, but in Russia.
It can be nearly impossible for Google to keep up with every malicious or scam site that advertises on its network. As the podcast Reply All discovered, there is a backlog of malicious ads that can’t easily be worked through.
For companies concerned about malware, mobile or otherwise, ad blocking services are important, but not a true defense.
Your best bet: Educate users to be aware they shouldn’t always click on the top result for searches, but to scroll down past the obscure ad results.