Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security The Gimp Advertising

Google Ad For GIMP.org Served Info-Stealing Malware Via Lookalike (bleepingcomputer.com) 19

joshuark shares a report from BleepingComputer, written by Ax Sharma: Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP.org,' the official website of the well known graphics editor, GNU Image Manipulation Program. This ad would appear to be legitimate as it'd state 'GIMP.org' as the destination domain. But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware.

Reddit user ZachIngram04 earlier shared the development stating that the ad previously took users to a Dropbox URL to serve malware, but was soon "replaced with an even more malicious one" which employed a fake replica website 'gilimp.org' to serve malware. BleepingCompuer observed another domain 'gimp.monster' related to this campaign. To pass off the trojanized executable as GIMP in a believable manner to the user, the threat actor artificially inflated the malware, that is otherwise under 5 MB in size, to 700 MB by a simple technique known as binary padding.
It still isn't clear if this instance was a slip up caused by a potential bug in Google Ad Manager that allowed malvertising.
This discussion has been archived. No new comments can be posted.

Google Ad For GIMP.org Served Info-Stealing Malware Via Lookalike

Comments Filter:
  • Adblock (Score:5, Insightful)

    by fph il quozientatore ( 971015 ) on Wednesday November 02, 2022 @05:43PM (#63020393)
    Yet another reason to use Adblock.
  • "Gump" sounded a little off, like the time I got a nice discount on my "Relox" watch.

  • The real question is, what did these people think they were downloading?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      GIMP?

  • Not a bug (Score:5, Informative)

    by NewtonsLaw ( 409638 ) on Wednesday November 02, 2022 @05:59PM (#63020443)

    Not a bug in Google's systems.... they have REPEATEDLY shown that they don't give a damn about anything but their profits.

    YouTube carries scam-ads served by Google all the time and even when thousands of people report the scam, the ads are still running many months later.

    Nope, so long as you're prepared to pay the bill, Google doesn't give a damn what harm you're doing through its ad network :-(

    • Yup. From TFA:

      Google lets publishers create ads with two different URLs: a display URL to be shown in the ad, and a landing URL where the user will actually be taken to.

      There's your problem right there. If you specifically design the system to allow URL misdirection, of course scammers will take advantage of it. But hey, anything for a buck.

  • by fahrbot-bot ( 874524 ) on Wednesday November 02, 2022 @06:03PM (#63020457)

    But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware.

    At least it didn't install Photoshop. :-)

  • This is not the first time someone has rebundled GIMP, especially as an installable package for Windows, and burdened it with unwelcome binaries. The previous notable time was at the Sourceforge hosted source code repo with a binary apparently published by Sourceforge employees.

    https://www.developer.com/news... [developer.com].

    Photoshop has gotten cheaper for most people, with a subscription based license scheme, so it's often worth thinking about whether to spend time mastering the less

    • Well... I did the switch from Photoshop to gimp. It takes some time to get used to the quirky GUI. But once you are passed that, it is fine for all the work I do.
    • Photoshop has gotten cheaper for most people, with a subscription based license scheme, so it's often worth thinking about

      Nope. "Subscription based" means perpetual rent. I'd much rather own the means of production than to be a constant slave to the tools. Even if they are inferior. Adobe products will never be a consideration for me until they put a cap on that siphon of theirs.

  • Have malware coders started using .NET or what?

  • Google made a deal with Adobe to keep its copies of Photoshop from being reamed by the Pantone virus.
  • by LubosD ( 909058 ) on Thursday November 03, 2022 @04:17AM (#63021239)

    Same happened with my bank. The ad really looked 100% like the real deal. It took Google *days* to take it down.

  • apt-get install gimp

  • I've seen, with my own eyes, Google do the same thing with Walmart.com. That was after a number of users had reported their computers screaming at them that they were infected.

    It was the top result, a promoted ad.

  • LOL, what was the URL? girnp. org? notphotoshop. org?

Basic is a high level languish. APL is a high level anguish.

Working...