A month ago, sharp-eyed Reddit users noticed that when they searched for AMD graphics card drivers on Google, suspicious text ads were displayed as the first result. Our advice then (as it is now) was to be careful when searching for Radeon software, and also to maintain good search habits in general. Life is much easier when you bypass malware.
At the time, the incident seemed more like a one-time occasion for heightened awareness. Even with a recent report that Bitwarden was suffering from a similar problem, using Google seemed mostly commonplace. It turns out that while our threat alert should be set much higher – other major downloads like Adobe Reader, Microsoft Teams, OBS, Slack, and Gimp are also targeted.
As detailed by Ars Technica, the surge in malicious ads is a new phenomenon due to Microsoft’s improved blocking of dangerous Word macros. When one field dried up, bad actors simply moved to another to farm. The trend is so bad that security researchers sounded the alarm, but so far, Google has not fixed the problem, although the company commented to Ars that “solving the problem [the increase in malicious text ads] is a top priority.” Until the right fix is rolled out, this leaves everyone who uses Google searches to fend for themselves in the meantime.
One of these links is not like the others.
So what can you do? The standard answer is “Don’t click on results marked as ads”, of course. You can also always check the link address to make sure it’s authentic, and scroll down the page to see if you find a duplicate result. Currently, if you see a second link to the same site, it’s usually more reliable because the ads are placed right at the top of the results. And as a last resort, you can install an ad blocker in your browser like uBlock Origin. Sites that you trust and want to support can be manually added to the extension’s approved list (which allows ads to be shown), while everyone else (including Google) will be checked.
None of these precautions are bulletproof on their own, but collectively you should be able to avoid most bad links. And when you click on a search result? Do not download or install anything until you view the page. Make sure you scan any downloads with your antivirus software.