While this combination of phishing/typosquatting isn’t necessarily novel or unique, it could still be detrimental to an organization if an employee was to fall for it. Additionally, the use of Google search advertisements makes it more likely that an employee would fall for a campaign such as this, as the fake site often appears before the legitimate site. As with most types of phishing attacks, the best defense against campaigns utilizing these techniques is user education and prevention. End users should be made aware of this technique pushing malicious tools. Additionally, they should be advised to use ad-blockers on their work computers to help prevent against this. It may be beneficial to also monitor any downloads from sites with suspicious top-level domains such as “.pro”, but this would only catch some of the activity from these campaigns. In the end, it is best to have a defense-in-depth strategy to catch this activity earlier in the attack chain.
https://www.bleepingcomputer.com/news/security/hackers-turn-to-google-search-ads-to-push-info-stealing-malware/
