Bing is promoting malware in “Google Chrome” searches
Malicious files disguised as Google Chrome are appearing in Bing search results, and it’s not even the first time this has happened
We all like to think that we're tech-savvy enough to avoid getting scammed by fake websites, but apparently it's all-too terrifyingly easy for malware to slip through the cracks.
It was recently discovered that Bing had been promoting a link to a phishing website to users searching for a Google Chrome download link.
This issue was brought to our attention last week, when Twitter user Gabriel Landau tried downloading Google Chrome through Microsoft Edge, the default browser on his new Windows 10 computer.
Searching for "download chrome" yielded an ad as the top result, which led to "www.google.com." This link took him took him to googleonline2018.com, a scam website designed to look similar to the real thing. When I tried visiting this website using Chrome, it blocked it as a deceptive site. However, as people like Landau found out, Bing had let this scam through to the front page, despite the fake URL.
While the malicious ad didn't appear in every search, several other Twitter users were able to recreate this issue, but only by using the Edge browser. Both Firefox and Chrome were able to recognise the website as a scam.
Landau was able to identify the downloaded file as malware by inspecting its digital signature, and found that the installer was not made by Google, but by Alpha Criteria Ltd., a known distributor of malware.
This whole thing sounds oddly conspiratorial. Microsoft responded by removing the ad, but since this isn't the first time this ad has popped up on Bing, we can't guarantee that the issue is permanently solved.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The company attempted to contact Landau on Twitter, encouraging him and others to report suspicious ads to their website. So far, there has been no word as to whether or not Microsoft is making any attempts to prevent these attacks in the future.