OBS, VLC, WinRAR and other apps become bait in fraudulent ads on Google

Popular software such as VLC, WinRAR, OBS, Gimp, Audacity, Notepad++, 7-Zip and others is being used as bait to spread malware through fraudulent Google ads. Criminals use fake websites that appear at the top of search results because they are sponsored listings, tricking users into clicking and downloading malware that steals cryptocurrencies and access credentials to online services.

The crooks clone the contents of the official websites onto domains that resemble the original ones and that carry download links pointing to legitimate services. The malicious files themselves are hosted on platforms that are also well known, which means that security and antivirus products do not always detect the scam.

The alert from the team behind OBS, one of the most popular live streaming applications for Windows, was just the tip of the iceberg in an ongoing campaign that seems to focus on free and open source software. At the other end, the targets are reportedly profiles on Gmail, Twitter, Discord and Substack, as well as cryptocurrency wallets, whose funds are drained.

“We are still seeing many users fall victim to fake websites that distribute malware through sponsored Google links. Many of them mimic the appearance of the real website.

We do not advertise for OBS! Please ONLY download from our official website or GitHub!”

Other software, including communication platforms such as Microsoft Teams and Discord as well as Adobe applications, is also reportedly the subject of malicious campaigns of this type. Meanwhile, the criminals reportedly focus on information-stealing malware, such as the well-known Vidar and RedLine, in addition to a trojan written in .NET that gives them remote access to infected machines.

It was precisely after downloading a fake version of the streaming app that a Twitter user saw “his entire digital life being violated”. At first nothing seemed to be wrong, because the executable downloaded from the malicious site appeared to do nothing. However, less than 24 hours after the attempt to download OBS from a fraudulent website, all of the user's accounts were hacked, and cryptocurrency and NFT wallets were also stolen.

“Last night, my entire digital life was breached. Every account connected to me, personally or professionally, was hacked and used to target others. Less important, I lost an amount of financial value that will change my life.”

The criminals also used the victim’s Substack profile to send messages and publish posts with malicious links to an audience of 16,000 followers. The cryptocurrencies were drained and the NFTs transferred to new owners while the victim struggled to change passwords, reset the computer and protect their digital profiles.

Be careful when downloading apps

The recommendation is to take care when looking for software to download through search engines. Always check that the website you reach is legitimate and belongs to the software's official developers, and look for recognized marketplaces and pages before installing anything.
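Part of that check can be automated before a download link is followed. The Python sketch below is an added example, not code from the article or from any project it names; the allowlist of official domains is an assumption to confirm with each project, and the lookalike hosts are constructed samples under the reserved `.example` TLD.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allowlist for illustration; confirm each domain with the project itself.
OFFICIAL = ("obsproject.com", "videolan.org", "notepad-plus-plus.org", "7-zip.org")


def host_of(url):
    """Return the lower-cased hostname of a URL or bare host/path string."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat the first component as the host
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url, threshold=0.8):
    """Return (verdict, official_domain); verdict is official/lookalike/unknown."""
    host = host_of(url)
    # 1. Exact match or a genuine subdomain of an official domain.
    for dom in OFFICIAL:
        if host == dom or host.endswith("." + dom):
            return "official", dom
    # 2. Official name embedded in an unrelated domain,
    #    e.g. obsproject.com.<something-else>.
    for dom in OFFICIAL:
        if dom + "." in host:
            return "lookalike", dom
    # 3. Near-miss spelling of the registrable label. Using the second-to-last
    #    label is a simplification that ignores suffixes such as co.uk.
    labels = host.split(".")
    name = labels[-2] if len(labels) >= 2 else host

    def score(dom):
        return SequenceMatcher(None, name, dom.split(".")[0]).ratio()

    best = max(OFFICIAL, key=score)
    if score(best) >= threshold:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    # Constructed samples, not observed indicators.
    for sample in ("https://obsproject.com/download",
                   "https://obsproject.com.get-files.example/",
                   "obs-project.example/download",
                   "https://vide0lan.example/"):
        print(sample, classify(sample))
```

A `lookalike` or `unknown` verdict is a cue to stop and navigate to the project's site directly; it is not proof that the page is malicious.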

Keeping antivirus and security software active on the computer also helps protect the machine and can flag problems on websites, as well as attempts to access fraudulent pages. The same applies to smartphones, where dangerous apps can be spread in the same way.

In response to Bleeping Computer's inquiry on the subject, Google said it has robust policies to prevent fraudulent ads from impersonating real platforms or services. The company said that the fraudulent advertisements identified, which used the names of the software cited, have already been taken down.

With information from Bleeping Computer.