
Google ad traffic leads to stealer packages based on free software

A week-long infection chain that led to malware involved a Google ad, a fake TeamViewer page, and a Microsoft Installer package that used free or open-source software, as well as other malware.

The chain starts with a fraudulent Google ad that redirects the victim to a page that is not hosted by Google and instead claims to be from TeamViewer.

This page then warns the user that they have malware and prompts them with a fake "update" button.

When they click the update button, they are redirected to a Microsoft Installer package, at which point it is already too late.

The installation process steals their data and sends it back to command-and-control servers under the attackers' control.

The main purpose of the Microsoft Installer package, however, is to download additional malware onto the infected computer.

Source: Google ad traffic leads to stealer packages based on free software - AlienVault - Open Threat Exchange
