If you’re among the internet users who visit a search engine to open software download sites (basically everyone), you might want to hold your hands before moving further. That’s because any innocent software download advertisement could be hiding malicious apps or adware.
Bleeping Computer spotted a fishy Chrome advertisement when using Bing search engine. The advertisement appeared against the search query “chrome download.” The advertisement had a URL and look similar to other Chrome ads, so, it was hard to question its legitimacy.
After clicking the ad, the user is redirected to a web page called www.googlechrome2018.com. A download prompt then appears on the screen. The setup disguised as ChromeSetup.exe has been identified as InstallCore bundle by VirusTotal.
ChromeSetup.exe, when launched, further asks users to install different apps including potentially unwanted programs (PUPs). It then installs a Portuguese version of Google Chrome.
What if a user is already using Chrome? There is something for such people. If you visit the page via Bing using Chrome, a download prompt for an extension called Chrome Search Manager appears.
Bleeping Computer said they’d reported the ad to Bing and it might take a few days to be taken down. I wasn’t able to see it after searching for the same query. Possibly, they have removed it already, or the said advertisement has a limited reach.
Still, it’s advised that you should download any software from trusted download portals or directly from the developer’s website. And it doesn’t mean that you should stop clicking ads altogether, just pay attention to the URL in such cases.