A new method is out for distributing BumbleBee malware: Google Ads. Researchers at Secureworks discovered Google Ads campaigns and downloads promoted through high-ranking sites in Google Organic Search that included malware along with downloads of popular software, including Zoom and ChatGPT.
Employees who search for installation packages for popular programs may come across these downloads through ads or Organic Search listings. The downloads do contain the software installer, but they also contain a second file that deploys BumbleBee malware, a back-door program that can give hackers the access they need to steal business data or deploy ransomware. BumbleBee is one of the more dangerous malware trojans, as it can install itself without setting off antivirus software.
Why This Malware Scam Works
Most employees are not software experts and may not detect the presence of malware in a download. If they see an ad or a search listing for software they need, they will click. In this case, a compromised WordPress site was used to create phony pages that mirrored the look of the actual software makers. The only way to discover the malware was to examine the download file.
Scams like this rely on a lack of employee sophistication, an urgent need for the employee to install or update software and the appearance of legitimacy to trick people into installing malware. If a Google ad or a top search listing looks legitimate and points to a legitimate-looking site, the download must be legitimate. If the download works and the software installs correctly, why would anyone suspect a scam? An employee who downloaded this malware would find the experience so ordinary and problem-free that they may not even consider it when asked by IT if they experienced anything unusual ahead of a ransomware attack.
Every Business Should Take These Steps to Prevent Malware Attacks
Google has an obligation, and considerable financial incentive, to protect its users from advertising and search-based scams. The company has protections in place to prevent hackers from promoting malicious software, but the same hackers that target businesses with malware also work to circumvent Google’s protections. Fraudulent sites do not last long, but they are a risk, which puts the ultimate responsibility for stopping these malware attacks on individuals.
There are three levels of defense that businesses can use to prevent malware downloads, with varying levels of success.
- Prevent employees from downloading software. If you have the resources and a central IT department, this is the highest level of security available. All employee software downloads can be blocked, which prevents these types of scams. The tradeoff may be a very busy schedule for IT employees, who will need to handle every software download request. Depending on the size of your business, this may result in delays for employees who need to download new software or updates.
- Discourage employees from downloading software. Company policy can be set to discourage downloads or to download software only from sources supplied by IT professionals within the organization. This is less effective than a ban, as some employees may circumvent the policy, so it works best in conjunction with employee cyber security training.
- Train employees to download only from trusted sites. Employees should be trained to only download software from the manufacturer, and to go directly to the manufacturer’s site whenever they need a new installation or update. Businesses can reinforce this practice by providing all employees with a list of links to software sites, either by email or through a company Intranet, so that employees do not rely on search to find software publishers.
These legitimate-looking malware attacks are the stuff of nightmares for cyber security professionals because they can deceive almost anyone, even well-trained employees, into downloading malicious software. Business policies can go a long way toward thwarting these hacking attempts, but they work best when combined with vigilant, empowered employees who value company security and speak up when something seems wrong. Protect Now can help you develop a vigilant workforce through our CSI Protection Certification program. To learn more, contact us online or call us at 1-800-658-8311.