I will never click on a Google sponsored link again.


There is now an increasingly disturbing phenomenon on the web where scammers are buying up Google's top ad spaces to spread their malicious code, often impersonating well-known apps such as WhatsApp and blending seamlessly in among innocuous ads. Unless you know the exact URL of the app you are trying to download, you may end up downloading something harmful.

We have seen phishing tactics evolve over the years. Spoofing free or open source apps and buying ads is not a new technique for would-be scammers, but it seems to be on the rise with the NFT and cryptocurrency investment trends happening on the Internet.

Where there are billion-dollar fish to be caught, there is no doubt that scammers will be baiting the area. Just this week, in fact, the NFT God's "entire digital life" was leaked after clicking on an OBS link that appeared to be official.

Bleeping Computer investigated the situation and found that phishing scams accounted for a very high percentage of Google's top ads, and that only a fraction of them were actually flagged by antivirus products.

Among them, a fake link for Rufus, a tool for creating bootable USB flash drives, is at the top of Google's list, padded out with the word "pro" to make it more attractive to potential victims. The link directs users to download a compressed file hidden behind a file transfer service that appears to be secure. This is known as a zip bomb or decompression bomb, and is one of the more difficult tricks to detect.

Scammers have also been found to use what is known as typosquatting, such as "notepad-plus-plus.com."
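The following check is an added example, not code from the article or from any of the projects it mentions. It compares the host behind a download link with a list of official domains and flags near matches such as the "notepad-plus-plus.com" case above; the official-domain list is an assumption the reader maintains, and the `.example` URLs are constructed samples.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: official download domains, curated and verified by the reader.
OFFICIAL = {"notepad-plus-plus.org", "rufus.ie", "obsproject.com"}


def registrable(host):
    # Naive: keep the last two labels. Production code should consult the
    # Public Suffix List so that suffixes like "co.uk" are handled correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def squash(label):
    # Drop hyphens and other punctuation so "rufus-pro" compares as "rufuspro".
    return "".join(c for c in label if c.isalnum())


def classify(url):
    """Return (verdict, official_domain) for a download URL."""
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official", domain
    label = squash(domain.split(".")[0])
    for good in sorted(OFFICIAL):
        brand = squash(good.split(".")[0])
        similar = SequenceMatcher(None, label, brand).ratio() >= 0.85
        # Same name on another TLD, brand plus extra words, or a near-miss spelling.
        if label == brand or brand in label or similar:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    samples = [
        "https://notepad-plus-plus.com/download",  # domain named in the article
        "https://rufus-pro.example/rufus.zip",     # constructed sample
        "https://obsprojecct.example/",            # constructed sample
        "https://www.obsproject.com/download",
    ]
    for url in samples:
        print(url, "->", classify(url))
```

A "lookalike" verdict means the link should be discarded in favour of the listed official domain; "unknown" only means the host resembles nothing on the list, not that it is safe.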

Scammers can also hide behind seemingly legitimate technology companies, as in the case of 7-ZIP, WinRAR, and VLC, found on a site full of malicious links posing as an Indian web design company known as Zensoft Tech.

"Google makes every effort to review and verify the information provided by advertisers as part of these verification programs," the company's Verification terms and conditions state.

Google's own policy on ad network abuse lists "computer viruses, ransomware, worms, Trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software, and other malicious programs or applications" and clarifies that linking to them through advertisements is not permitted. This refers to both "advertisements and software that your site or app hosts or links to."

However, the policy also says: "Violations of this policy will not result in immediate account suspension without prior warning. You will be issued at least a 7-day warning before your account is suspended." This would be to give sites a chance to get their URLs back if they have themselves been hacked.

While there are calls for social media companies to be more responsible for the content posted on their sites, I am sure web users will not put up with Google's somewhat blunt attitude on this matter for long.
