I mean, hell, even searching Google for "python" brings you to malware. Please, Google. Convince me that you're doing something about this. Anything at all.

Google: "We have robust policies prohibiting ads..." Translation: "We have rules written down somewhere that state 'thou shall not' under penalty of (??)" Google: "... and we enforce them vigorously" Translation: "We might get around to manually taking down violators eventually.

I'm continuing this thread to have a record of what Google ads link to what malware and when. And also to periodically check if they've done anything about it. Mute the thread if you already grok Google's business model of profiting from malware distribution.

If you're a poor sap that used Google to search for Blender, you'll probably have to scroll to get past the malware ads. Four out of the FOUR Ads for blender link to malware. That's 100%. A+!

How about @AMD or @nvidia? Even though NVIDIA pays Google Ad money, Google encourages visitors to go to malware-distributing site instead of the real company, listing the malware ad first. Presumably for reasons. Neat.

Some of the domain names aren't "obviously" malicious. e.g. the schumanlawfirm[.]com site that you get as an ad for "winrar" 🤔 It seems like a normal site. But when you view it with the google Referer header, plus the appropriate utm_term value, you get the fake download site.

You also get the same schumanlawfirm[.]com malware site when you search for 7-zip. And it still serves up the WinRAR-branded malware. "I don't click ads" "I wouldn't fall for this" "I use an ad blocker" Congratulations? Some people do fall victim to this. It's a numbers game.

We're over 1 week into when I personally first started pulling this thread, and the Google malware ads are still going strong. Presumably it's been happening well before I started looking into it.

Google employee 1: www[.]homeforcutepets[.]com has paid us money to advertise their link for any time somebody searches for "winrar" This seems a bit... weird? Google employee 2: What part of "has paid us money" don't you understand? Google employee 1: Sorry. Let's promote it!

How about winrar (again)? Google ad for www[.]rajaimpexindo[.]com which redirects to rar-lab[.]top which has download w/ a VT detection rate of 0 But retrieves PowerShell from softs-lab[.]ru/winrar.gpg which installs GPG and decrypts bad stuff w/ password of "putingod"

It would be useful to know all the targeted #GoogleAdMalware ad words. But TBH, I'm just picking some apps that I think are popular, and/or ones that @malwrhunterteam mentions. Google might be doing *something* about it, but it's not enough to be noticeable. The ads are bad. 🤦‍♂️

And while the #GoogleAdMalware download for Visual Studio Code gets 10 detections on VirusTotal, the malicious fake WinRAR installer still gets ZERO detections, despite being first submitted two days ago. Google is still promoting malware. AV isn't detecting things. Good luck? 🤷‍♂️

The next time my Twitter feed spontaneously switches to "For You" is probably when I'm done with this site.