Carder.life

Carder.life (http://txgate.io:443/index.php)
-   Carding News (http://txgate.io:443/forumdisplay.php?f=38)
-   -   Warning: Google Alerts abused to push fake Adobe Flash updater (http://txgate.io:443/showthread.php?t=44053)

Artifact 01-19-2025 06:00 PM

https://www.bleepstatic.com/content/.../16/Google.jpg
Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers.
The threat actors create fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts will alert people who are following those keywords.
When visiting the fake stories using a Google redirect link, as shown below, the visitor will be redirected to the threat actor's malicious site.
https://www.bleepstatic.com/images/n...alert-link.jpg
Example Google Alerts link for a fake story
However, if you visit the fake story's URL directly, the website will state that the page does not exist.
https://www.bleepstatic.com/images/n...n-visiting.jpg
Page does not exist when directly visiting the URL
https://www.bleepstatic.com/images/n...e-giveaway.jpg
Fake Amazon giveaway scam
Threat actors switch to a new campaign
This weekend, BleepingComputer observed the fake news stories redirecting to a new campaign that states your Flash Player is outdated and then prompts you to install an updater.
https://www.bleepstatic.com/images/n...nding-page.jpg
Website stating Flash Player needs to be updated
While Adobe Flash Player has reached the end of life and is no longer supported by any browsers, many people may not realize this and click on the 'Update' button thinking they are installing the latest update.
If a user clicks on the Update button, they will download a setup.msi file [VirusTotal] that installs a potentially unwanted program called 'One Updater.'
https://www.bleepstatic.com/images/n...ne-updater.jpg
The One Updater potentially unwanted program
Over time, One Updater will display updates that should be installed and offer potentially unwanted programs.
While we have not seen One Updater pushing anything malicious at this time, similar software in the past has installed password-stealing Trojans and cryptocurrency miners.
If you are redirected to a website, whether via Google Alerts, Google Search, or any other means and are prompted to install an extension or program update, simply close the browser.
Installing these programs typically leads to malicious activity or unwanted behavior that only benefits the application developers.


All times are GMT. The time now is 08:59 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.