Bing pushed malware when users tried downloading Chrome: Details here
Microsoft's Bing search has been caught serving malware to users who tried downloading Chrome using the company's Edge browser. The search engine displayed a phishing website as the top result instead of the original Chrome download page. Many users were able to replicate the problem, but now, it appears to be fixed. Here are more details.
Search for 'download chrome' went to fake website
The issue came to notice when Twitter user Gabriel Landau tried installing Chrome on his new Windows 10 machine. Just like many of us, he opened Microsoft Edge, which is the pre-installed browser, and looked up for the keyword 'download chrome'. The top result was an ad headed to 'Google.com', which looked pretty genuine but redirected him to a fake website with domain 'googleonline2018.com'.
Even the website seemed authentic, downloaded 'ChromeSetup.exe'
Though the fake website had a different domain, the landing page was pretty much similar to that of Google and good enough to fool people. More worryingly, when Landau clicked the 'Download Chrome' button on the website, it downloaded a seemingly genuine installer named 'ChromeSetup.exe'. But, it was some sort of a malware, which the observant user was able to verify from the installer's properties.
Here's the fake website
Digital Signature from 'Alpha Criteria Ltd'
When Landau investigated the digital signature of the program from the properties section, he found that the installer downloaded was from Alpha Criteria Ltd. and not Google. Also, Chrome and Firefox were immediately able to flag the fake website as deceptive.
Microsoft removes the fake ad
When Landau reported the issue on Twitter, several users were able to replicate the problem, noting that the fake website appeared as Ad after refreshing the page a few times. However, Microsoft resolved the issue soon after that. The company's Bing Ads team responded to Landau's tweet, noting it has taken down the fake ad and banned the account associated with it.
Meanwhile, here's how you can avoid such cases
The problem of Bing serving up malicious links has been there for quite a while. As per Forbes, many similar cases have been reported in the past, albeit, with different domains. So, to avoid grabbing malware from a seemingly authentic page, we'd recommend you to visit the official 'chrome.com' or 'mozilla.org' website to download browsers. Alternatively, you can also visit 'google.com' to search.
