Cybercriminals are using Google Ads and advertising campaigns on websites to encourage users to install Signal and Telegram, but instead end up with malware on their phones. The scam, detected by digital security company eSentire, aims to steal users’ personal information for sale on the dark web or future fraud.

According to the company, the campaign disguises itself as a download page for secure messengers, such as Signal and Telegram, with direct links to the files. However, the irony lies in the fact that the downloaded files are AutoIT scripts that cause the device to automatically install Redline Stealer, one of the most popular credential-stealing malware.

Malware that spreads through malicious ads is riding the recent wave of popularity that messaging apps like Signal and Telegram have recently received. Since WhatsApp changed its user policies, both apps have seen significant numbers of users, with 25 million downloads of Telegram and Signal receiving a increase of 4200% in downloads.

According to eSentire’s risk intelligence manager Spence Hutchinson, the scammers have spent time creating “authentic ads and near-exact replicas of popular messaging app pages.” They are also spending money to buy ads from Google, or may have used stolen credit cards to purchase the digital space.

Risks raise old big tech problem in maintaining digital security

eSentire also explains that the campaigns are undermining the (already low) reliability of Google Ads. The company found similar ads using the same mechanics for productivity suites such as AnyDesk or Dropbox.

Fake ads are far from being a malware-only problem, long before the Signal and Telegram cases. Experts have pointed out that Google and Facebook have great difficulties in combating fraudulent websites. Ironically, when Signal itself uses the same advertising mechanics as Facebook for a purpose much less harmful, your campaign is taken offline.

Through which channels you reach those people, classic and out of the box. TechRadar

Image: sigoisette/iStock