This malware is posing as Google Authenticator using Google ads — here's how to protect yourself

News
By published

The irony is palpable in this latest malware attack

Google Search
Google Search (Image credit: Google)

Recent malware attacks have become more advanced, and the advice to keep your device safe is no longer as easy as "Don't click on any random links sent to you." Threat actors are seeking victims out with more concealed measures, like this fake ad for Google Authenticator that looks like the real deal, identified in a July 30 report by Malwarebytes.

After users click on the fake ad, they're redirected multiple times until finally landing on a fake site for Google Authenticator hosted on GitHub. If people aren't paying close attention, it's easy to miss these redirects and not notice they're on a malicious site before innocently clicking that 'Download' button.

If this fraudulent Google Authenticator is successfully downloaded on your device, the malware — known as DeerStealer and originally discovered by @anyrun_app on X — will have access to your personal data, specifically via an "attacker-controlled website hosted at vaniloin[.]fun."

With such well-concealed malware floating around on the internet, how are you supposed to protect yourself? Well, there are a few specific tips to prevent this malware and an all-encompassing solution that could keep you protected without needing to manually vet all links.

How to notice DeerStealer malware

Most of us are familiar with what a sponsored ad on Google looks like, and looking at the malicious ad Malwarebytes took screenshots of, it's hard to spot the differences. The ad shows Google's official website as the URL, and when you expand details about the advertiser, it convincingly reads "Advertiser identity verified by Google."

fake google authenticator ad

(Image credit: Malwarebytes)

Even if you accidentally click on this fake ad from 'Larry Marr,' your device isn't compromised just yet. The DeerStealer malware only gains access to your personal data if you don't recognize the suspicious URL — chromeweb-authenticators[.]com — and download the malicious Authenticator[.]exe file.

malwarebytes screenshot

(Image credit: Malwarebytes)

Unfortunately, your browser's built-in security measures will not recognize this fake site and file as malicious because they are hosted on GitHub, a trusted cloud resource. 

So what is a security-conscious user to do?

The only solution that could protect you from this advanced malware without needing to diligently check every URL yourself is antivirus software. Malwarebytes points out that its own antivirus software detected the malicious payload as "Spyware.DeerStealer," and there are multiple other antivirus solutions available that would work similarly.

Even taking precautions the modern internet is a hazardous place, so investing in one of the best antivirus apps that is available for desktop and mobile is the best solution to keep yourself as safe as possible.

More from Laptop Mag

Sarah Chaney
Sarah Chaney
Contributing Writer

Sarah Chaney is a freelance tech writer with five years of experience across multiple outlets, including Mashable, How-To Geek, MakeUseOf, Tom’s Guide, and of course, Laptop Mag. She loves reviewing the latest gadgets, from inventive robot vacuums to new laptops, wearables, and anything PC-related. When she's not writing, she's probably playing a video game, exploring the outdoors, or listening to her current favorite song or album on repeat.

Read more
Microsoft Copilot logo with AI sparkle symbol, "Hi, how can I help?" is written below.
Microsoft Copilot just helped me pirate Windows 11 — Here's proof
A keyboard with a button that says "SCAM?"
A years-long scam that began with fake Windows pop-ups ends with PayPal payments
Error when installing Google Chrome on the Asus Vivobook 16 Flip, on a white desk against a blue background.
"This app can't run on your PC": Google's Chrome Installer broke on Windows, but there's a fix
DeepSeek whale logo in the style of the TikTok logo.
The DeepSeek mania proves it's finally — finally! — time to talk about AI privacy
Windows 11 on a laptop
This Windows 11 bug can stop your security updates — here's how to avoid it
DeepSeek AI chatbot on a phone
DeepSeek jailbreakers are tricking the chatbot into bad-mouthing the Chinese government
Latest in Antivirus & Cyber-security
TP-Link routers targeted by Chinese state-sponsored cyber attacks
TP-Link routers may face nationwide ban after 'significantly alarming' link to US cyberattacks
What is a VPN kill switch — and why you should use one
You need a VPN for school, here are 3 services we recommend
The AMD Ryzen and NVIDIA RTX stickers on the Acer Nitro 17
'You basically have to throw your computer away': Researchers explain AMD 'Sinkclose' vulnerability, but do you need to worry?
Google Search
This malware is posing as Google Authenticator using Google ads — here's how to protect yourself
Windows 10 BSOD saying "It's not you, it's me."
Microsoft reveals CrowdStrike outage could have a surprising long-term impact on everyday users
MANILA, PHILIPPINES - JULY 19: Long queues of passengers form at the check-in counters at Ninoy Aquino International Airport, amid a global IT disruption caused by a Microsoft outage and a Crowdstrike IT problem, on July 19, 2024 in Manila, Philippines. A significant global outage affecting Microsoft services, particularly Microsoft 365, has caused widespread disruptions across various sectors, including airlines, banks, and health systems. The outage was attributed to a glitch in CrowdStrike's "Falcon Sensor" software, which impacted Windows systems, leading to thousands of flight cancellations and operational chaos in multiple industries. Microsoft has reported that the underlying cause of the outage has been fixed, but residual effects continue to impact some users as the company works on full recovery. (Photo by Ezra Acayan/Getty Images)
The CrowdStrike outage spotlights major vulnerabilities in the global information ecosystem
Latest in News
A close-up of a light-colored computer keyboard shows the keys T, Y, G, and H replaced by the logos of OpenAI, DeepSeek, Grok, and Gemini, the leading competitors in the artificial intelligence market. This serves as a visual metaphor for the intense rivalry and innovation in the AI industry. (Photo by Matteo Della Torre/NurPhoto via Getty Images)
Is generative AI inadvertently reducing the voices of many to the banality of one?
WWDC 2025 could mark the beginning of the end for certain iPhone users
Error when installing Google Chrome on the Asus Vivobook 16 Flip, on a white desk against a blue background.
"This app can't run on your PC": Google's Chrome Installer broke on Windows, but there's a fix
Nintendo Switch 2 handheld gaming console
Nintendo Switch 2 preorder date: It might be a lot closer than you think, say tipsters
Microsoft Surface Laptop (7th Edition, 2024)
Windows-on-Arm woes: Amazon warns customers about Surface laptop returns
Apple Watch Series 8
Siri is the biggest obstacle to making the Apple Watch an AI hit
More about antivirus cyber security
TP-Link routers targeted by Chinese state-sponsored cyber attacks

TP-Link routers may face nationwide ban after 'significantly alarming' link to US cyberattacks
What is a VPN kill switch — and why you should use one

You need a VPN for school, here are 3 services we recommend
Lenovo Legion 5i Gen 9 against blue gradient background with epic deal sticker.

The excellent Lenovo Legion 5i RTX 4070 gaming laptop hits its lowest price since Prime Day for Amazon's Big Spring Sale
See more latest