Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users’ computers.
The threat actors create fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts will alert people who are following those keywords.
When visiting the fake stories using a Google redirect link, as shown below, the visitor will be redirected to the threat actor’s malicious site.
However, if you visit the fake story’s URL directly, the website will state that the page does not exist.
This past week, BleepingComputer has been monitoring fake stories being indexed by Google and pushed out by Google Alerts. These have been redirecting users to web pages pushing browser notification spam, unwanted extensions, or fake giveaways, like the Amazon one below.
Threat actors switch to a new campaign
This weekend, BleepingComputer observed the fake news stories redirecting to a new campaign that states your Flash Player is outdated and then prompts you to install an updater.
While Adobe Flash Player has reached the end of life and is no longer supported by any browsers, many people may not realize this and click on the ‘Update’ button thinking they are installing the latest update.
Over time, One Updater will display updates that should be installed and offer potentially unwanted programs.
While we have not seen One Updater pushing anything malicious at this time, similar software in the past has installed password-stealing Trojans and cryptocurrency miners.
If you are redirected to a website, whether via Google Alerts, Google Search, or any other means and are prompted to install an extension or program update, simply close the browser.
Installing these programs typically leads to malicious activity or unwanted behavior that only benefits the application developers.