PotatoNet Uncovers New Illegal Advertising Phishing Method Using Google Image Search

Money Today – Sae-rom Park, Reporter | October 4, 2023, 18:25

PotatoNet, a renowned threat intelligence company, has recently revealed the detection of an unlawful advertising phishing technique utilizing the Google image search feature.

As a measure to ensure user safety, Google provides the Safe Browsing service which aids in warning individuals when they attempt to access potentially dangerous websites. This invaluable service aims to offer secure search results for users utilizing Google’s search engine and protect their browsing experience when using the Chrome browser.

However, a new and troubling method has emerged wherein illegal phishing sites are being advertised through Google image searches. Typically, when a search term is entered into Google, related site information, including the website’s title and address, is displayed, as shown in ‘Figure 1’.

Unfortunately, when conducting an image search on Google, as depicted in ‘Figure 2’, only the title information and alternative image strings are presented. In essence, the actual website address remains concealed.

Consequently, this newfound illegal advertising phishing method takes advantage of the fact that identifying a website address solely through a Google image search is a challenging task. ‘Figure 3’ demonstrates that when hovering the mouse over the image, a new string appears, showing the web address at the bottom of the browser. However, because the address appears inside a Google search string in URL-encoded form, general users may find it difficult to recognize the actual web address.
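To make the hover-link problem concrete, the following added example (not from PotatoNet or the original article) decodes the destination that is embedded in a Google result link and flags it when it sits on a watched TLD. The parameter names `imgrefurl`, `imgurl`, `url` and `q` are assumptions about where the link carries the destination, and the sample link is constructed, using the host name given as an example in the article.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: these query parameters may carry the destination address.
# imgrefurl = landing page, imgurl = image file, url/q = redirect target.
DEST_PARAMS = ("imgrefurl", "url", "q", "imgurl")
WATCH_TLDS = {"top"}  # the article reports '.top' as the most-used TLD

# Constructed sample of what the status bar shows on hover.
SAMPLE = (
    "https://www.google.com/imgres"
    "?imgurl=https%3A%2F%2Fvvfal.ironforgemaster.top%2Fimg%2Fa.jpg"
    "&imgrefurl=https%3A%2F%2Fvvfal.ironforgemaster.top%2F"
    "&q=cute+cat"
)


def real_destination(hover_link):
    """Return (destination_url, hostname, on_watchlist) or None.

    None means the link carries no embedded http(s) destination,
    for example a plain search URL whose q= value is only a keyword.
    """
    # parse_qs percent-decodes each value, undoing the encoding that
    # makes the address hard to read in the browser's status bar.
    params = parse_qs(urlsplit(hover_link).query)
    for name in DEST_PARAMS:
        for value in params.get(name, []):
            dest = urlsplit(value)
            if dest.scheme in ("http", "https") and dest.hostname:
                host = dest.hostname.lower().rstrip(".")
                tld = host.rsplit(".", 1)[-1]
                return value, host, tld in WATCH_TLDS
    return None


if __name__ == "__main__":
    print(real_destination(SAMPLE))
```

Run over proxy or browser-history exports, the same function lets an analyst list the sites users actually landed on instead of the Google wrapper URL.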

Disturbingly, individuals who click on an image based solely on Google search information will unknowingly be redirected to the advertised website, triggering a pop-up message that reads “CLICK > TO CONFIRM YOU ARE NOT A ROBOT”. By clicking ‘Allow’, users unwittingly grant permission for push notifications from the malicious ad server. Upon verification by PotatoNet’s threat intelligence team, it was confirmed that clicking ‘Allow’ led to an advertising site.

Furthermore, this illegal phishing method unleashes an advertising window in the lower right corner of a computer screen. Deceptively, the content displayed varies based on the user’s IP or search term. It has been noted that this illicit activity primarily employs the ‘.top’ domain, often associated with Chinese IPs (e.g., vvfal.ironforgemaster.top).

Currently, vvfal.ironforgemaster.top is inaccessible due to a DNS error. These malicious websites continuously appear and disappear, camouflaging their illicit behavior through connection errors or application glitches. In light of this, PotatoNet advises users to exercise caution when encountering text messages or emails from strangers, such as messenger texts. Additionally, special care is warranted when conducting image searches, as verifying the authenticity of the website address can pose a significant challenge.

PotatoNet, being a leading provider of threat intelligence, specializes in research and development to detect and protect against various web threats, including phishing, malware distribution, and more.

[Copyright @Money Today, All Rights Reserved. No reproduction or redistribution without permission.]

Money Today Sae-rom Park Reporter | 2023.10.04 18:25

PotatoNet announced on the 4th that it had detected an illegal advertising phishing method using image search.

According to the company, Google provides the Safe Browsing service, which displays a message warning users that they are at risk when they try to access a dangerous site. This is to provide safe search results to users of Google Search and to keep website access through the Chrome browser secure.

Recently, a new method has emerged that leads to illegal phishing sites being advertised through Google image searches. When you enter a search term in Google, related site information and a website address are displayed as shown in ‘Figure 1’.

Figure 1. Search results show the website title, website address, and search-related information.

However, as shown in ‘Figure 2’, only title information and alternative image strings are found in Google image search. In other words, the website address does not appear.

Figure 2. In image search results, the website address is not visible except for the image and web page title information.

As shown in ‘Figure 3’, when you hover the mouse over the image, a new string appears and the address appears at the bottom of the browser. However, this illegal advertising phishing method takes advantage of the fact that the website address is difficult to verify because it appears in the form of a Google search string.

Figure 3. When you hover your mouse over the image, a web address appears at the bottom, but since it is a web address that appears as a Google search keyword, it is difficult for general users to recognize the web address once it has been URL-encoded.

If you click on an image based solely on Google search information, you will automatically be redirected to the advertised website and a message will appear saying “CLICK > TO CONFIRM YOU ARE NOT A ROBOT”. If you click ‘Allow’, you will receive push notifications from the ‘malicious ad server’. When PotatoNet’s threat intelligence team checked, clicking ‘Allow’ led to an advertising site.

In addition, this illegal phishing creates an advertisement window in the lower right corner of the PC. Specifically, it tricks users by changing content depending on the user’s IP or search term. It has been confirmed that the ‘.top’ domain, which is detected as a Chinese IP, is mostly used (example: vvfal.ironforgemaster.top).

vvfal.ironforgemaster.top is currently unreachable due to a DNS error. Illegal and malicious websites appear and disappear again and again, hiding their malicious behavior through connection errors or application errors. PotatoNet said, “You should be careful about text messages or emails from strangers, such as messenger texts,” and added, “Special care is needed when searching for images where it is difficult to verify the address.”

PotatoNet, which detected this illegal ad phishing, is a company that specializes in threat intelligence. It researches and develops solutions to detect and protect against web threats such as phishing and websites that distribute malware.
