Cybercriminals have reportedly managed to trick another Google service into providing malicious applications to users without mistrust.
Their latest target is the Google Alerts service, which the researchers say has been abused to spread bogus data updates Adobe Flash Player.
The latest campaign is added to the growing list of Google services that have been repeatedly innovatively abused by threat actors for malicious purposes.
In this latest instance, some unscrupulous elements First create fake stories with headlines containing popular keywords in order to get the attention of search engine bots.
Once these fake stories are indexed, the Google Alerts service will send them to the inbox of people who have set up alerts to track these keywords.
By trusting them because they are recommended by a Google service, when you click on the fake stories you are redirected to a malicious site, which is promotingof all kinds of potentially unwanted programs (PUPs).
Blee pingComputer recently observed such a campaign which used the fake Google Alert story to send a notification suggesting users to install an app to update their outdated Flash player. Unsurprisingly, the app then promotes
This is just one of the recent examples of scammers exploiting the trust of Google services for malicious purposes. In the past, threat actors have abused Google Forms and Google Sheets for malware command and control communications. Security researchers recently discovered a web skimming operation that took advantage of the reputation of the Google Apps Script domain.