Malware scam on GitHub impersonates Google Authenticator ad

tl;dr

  • Cybersecurity firm Malwarebytes uncovered a scam involving fraudulent Google ads leading to a malicious Authenticator download.
  • The scam redirects users multiple times before landing on chromeweb-authenticators.com, where the fake app is hosted.
  • Principal threat researcher Jerome Segura advises against clicking ads for software downloads, noting the irony of compromising security while seeking to improve it.

A cybersecurity software provider has uncovered fraudulent advertising branded as Google, which links to a malicious version of Authenticator. 

The sophisticated scam purports to come from a Google-supported domain, but it results in a GitHub download. 

When you click on the ad, it redirects a handful of times before landing on chromeweb-authenticators.com, which is the host of the fake app for download. 

Jerome Segura, principal threat researcher at Malwarebytes – the company that detected the elaborate scam – reiterated the importance of not clicking through an ad to obtain any kind of support. 

He stated, “Some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well.”  

“We should note that Google Authenticator is a well-known and trusted multifactor authentication tool, so there is some irony in potential victims getting compromised while trying to improve their security posture,” added Segura. 

“We recommend avoiding clicking on ads to download any kind of software.”

Dangers can lurk behind fake advertising

By hosting the file on GitHub, the scammers made use of a trusted cloud resource, although that in itself is not unexpected.

GitHub is renowned for its prominence as the software repository of choice, but it is not faultless. 

Not all material hosted by the resource is legitimate, and almost anyone can create an account and upload files. In this instance, the threat actor followed this approach under the username authe-gogle, setting up the authgg repository that contained the malicious Authenticator.exe.

This is an intentional abuse of the ubiquity of Google and the unquestioning trust that most users have toward the tech giant. It is a cunning but effective method to dupe people into the clutches of malware.

It is critical to distinguish legitimate advertising from fake content and to recognize the dangers that lurk beneath the surface. This example shows how a bad actor was able to successfully hide behind one of the most prominent brands in the world to spread malicious software.
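The chain described above (ad click, a few redirects, a lookalike landing page, then an executable fetched from GitHub) can be hunted for in web proxy logs. The following is an added example, not code from Malwarebytes or this article; the log format, the sample lines, the host lists and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample proxy log: timestamp, client, requested URL, referrer.
# Format, timestamps and paths are assumptions; only the landing domain, user,
# repository and file name come from the article.
SAMPLE_LOG = """\
2000-01-01T10:00:01Z 10.0.0.5 https://www.googleadservices.com/pagead/aclk?id=EXAMPLE -
2000-01-01T10:00:02Z 10.0.0.5 https://redirector.example/r?x=1 https://www.googleadservices.com/pagead/aclk?id=EXAMPLE
2000-01-01T10:00:03Z 10.0.0.5 https://chromeweb-authenticators.com/ https://redirector.example/r?x=1
2000-01-01T10:00:09Z 10.0.0.5 https://github.com/authe-gogle/authgg/PLACEHOLDER_PATH/Authenticator.exe https://chromeweb-authenticators.com/
2000-01-01T11:00:00Z 10.0.0.9 https://github.com/example-org/tool/releases/download/v1/tool.exe https://github.com/example-org/tool/releases
"""

# Assumed lists; extend them to match the ad networks and file hosts you see.
AD_CLICK_HOSTS = {"www.googleadservices.com", "googleadservices.com"}
CODE_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
EXEC_SUFFIXES = (".exe", ".msi", ".dmg", ".pkg")

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, client, url, ref = line.split()
            yield {"ts": ts, "client": client, "url": url, "referrer": None if ref == "-" else ref}

def referrer_chain(event, by_url):
    """Walk referrers back from a request to the first request of its chain."""
    chain, seen, ref = [event["url"]], set(), event["referrer"]
    while ref and ref not in seen:  # 'seen' guards against referrer loops
        seen.add(ref)
        chain.append(ref)
        prev = by_url.get((event["client"], ref))
        ref = prev["referrer"] if prev else None
    return chain[::-1]

def find_ad_driven_downloads(log):
    """Flag executables fetched from a code host when the chain began at an ad click."""
    events = list(parse(log))
    by_url = {(e["client"], e["url"]): e for e in events}
    findings = []
    for e in events:
        u = urlparse(e["url"])
        if u.hostname not in CODE_HOSTS or not u.path.lower().endswith(EXEC_SUFFIXES):
            continue
        chain = referrer_chain(e, by_url)
        if urlparse(chain[0]).hostname in AD_CLICK_HOSTS:
            hops = [urlparse(c).hostname for c in chain[:-1]]
            findings.append({"client": e["client"], "download": e["url"], "via": hops})
    return findings

if __name__ == "__main__":
    for finding in find_ad_driven_downloads(SAMPLE_LOG):
        print(finding)
```

Referrer headers are often trimmed or dropped by browser referrer policies, so in practice the chain may need to be rebuilt from timing and client address as well.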

Graeme Hanna
Tech Journalist
