Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. At least one prominent user on the cryptocurrency scene has fallen victim to the campaign, claiming it allowed hackers to steal all their digital crypto assets along with control over their professional and personal accounts.
In a post on security forum Reddit, the victim explained how the attack unfolded. "A few days ago I had a Google Chrome update pop up on my own computer that recommended VLC, 7-Zip and CCleaner due to these sites being offline. I'm not sure if they were actually real but it looked like Google was showing an ad for Top10Hacker and other scam sites as one of the results," he explained.
"I just thought it was funny that Google thought this was okay to show in their search results. Then after it finished downloading VLC, 7-Zip and CCleaner I closed out of my browser and got a message stating that Google Chrome has stopped working. I rebooted my computer, and it was a little slower than usual. I left it alone for a few hours then downloaded CCleaner to check my PC. After installing CCleaner, I logged into my Google account on my phone and noticed all of the passwords that Google has saved on my phone had been emailed to me automatically via text message."
The hackers then used the legitimate version of CCleaner to run the following command, which allowed them to execute commands remotely with root access on the victim's computer:
/usr/local/cc_bin/cleaner -u /tmp/.rvm-root-cache -d --force-reinstalls /tmp/.