Scam Alert: Don’t Click That Ad!

Last updated on December 21st, 2023 at 01:54 am


Unless you use an ad blocker, chances are the top results you see in a Google search are ads. For example, the top four results that appear when I search for “malware removal” are all ads. Worse, I have to scroll down to get to the real search results! 

A search for “malware removal” is filled with four ads. Screenshot by Safe, Not Scammed.

While Google gives these ads a small label to indicate their true nature, it’s easy to miss. This means you can click a result thinking it’s the highest-ranking page when, in reality, someone paid to get it to the top of the search results. And when that someone is a cybercriminal, the results can be catastrophic.

Malicious ads impersonate popular streaming software OBS

As Web 3 is Going Just Great reports, NFT influencer NFT God found this out the hard way. As NFT God details in a Twitter thread, they searched on Google for the popular screen recording and streaming software OBS and clicked on one of the top results.

Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing amount of my net worth.
NFT God describes the consequences of clicking a malicious ad. Source: NFT God.

Unfortunately, NFT God had not clicked on the legitimate link for OBS, but on a malicious ad. That ad downloaded what appears to be information-stealing malware that allowed criminals to compromise their digital life, draining their crypto funds and NFTs as well as taking over both their personal and professional accounts.

We are still seeing many users fall victim to fake websites in Google sponsored links distributing malware. Many of them mimic the appearance of the real site. We do not have any ads for OBS! Please ONLY download from our official website or our GitHub!
OBS warns users are still being tricked by malicious ads. Source: OBS.

And while you would think Google would act quickly to get malicious ads like these taken down, it appears that has not been the case. NFT God’s Twitter thread was dated January 14th, but on January 16th, OBS tweeted out a warning that malicious ads were still tricking “many users.”

When I tried searching for OBS on January 18th, however, no ads were displayed, perhaps indicating Google has fixed this particular problem for now.

The FBI’s recommendation

This is not the first time that cybercriminals have used Google ads to lure users into downloading malware. In fact, the FBI made a public service announcement about these kinds of attacks in December last year and even recommended users install an ad blocker to protect themselves.

If you’re thinking about taking the FBI’s advice and installing an ad blocker but don’t know which one to choose, PC Mag and Restore Privacy like a browser extension called uBlock Origin. I recently switched to uBlock Origin after an ad blocker I used for years, Adblock Plus, deployed some shady marketing tricks, and have been happy with it so far!

Alternatively, you could switch to Brave Browser, which blocks ads and trackers without the need to install a separate browser extension.

Update: Malicious ads for a wide variety of popular programs, including CCleaner, LibreOffice, Slack, and VLC Media Player, have been discovered by investigators at Bleeping Computer and MalwareHunterTeam on Twitter. Stay safe and block those ads!
