A few months ago, we warned that malevolent people were buying Google ads leading people to fake #GIMP websites to trick them into downloading malware.
Apparently this is still continuing to this day (as was reported to us). Google is still not blocking these fake ads despite the many reports and articles which have been happening for months now. 😓

Be careful and always make sure where you download your software from. Also the GIMP project doesn't buy ads!

https://floss.social/@mithrandir@defcon.social/109773987578181949

mithrandir (@mithrandir@defcon.social)

More malware from malicious Google ads. gemmp[.]shop and gliimp[.]click redirect to gilmp[.]org where gimp-2.10.32-setupx32x64.zip is downloaded from cdn.discordapp.com. After removing the excessive padding from the download, uploaded the exe to VirusTotal - going to dig into it a bit more later. https://www.virustotal.com/gui/file/6262cff03c465550e501f1f15c942d641a1a79edc4d52286abd8158a53aef220/detection #malvertising #malware #intel #gimp

@GIMP @cautionwip I have done a few things. I never click on ad search results now, and over a year ago I switched to #DuckDuckGo. They do have ads, but hey. At least it’s not #Google?
@mayor @GIMP Yah, it's still difficult, there are so many sites that come up on DDG whose URLs direct to a googleads tracking portal or include Google-ads trackers that are page-based. Many sites use GoogleAds simply because they have integrated tracking that can be used to measure effectiveness of a given campaign. There are even official sites that use them for that. My ad-blocking system blocks google-ads tracking so I have to turn it off for sites like that. It's an issue.
@cautionwip What do you use to block ads? I am using #PiHole. I feel like they could have picked a better name.
@mayor I LOVE the name PIHole. lol.
I was going to set up a PIhole server, but my new ISP (https://oxio.ca if you're interested, and if you go with them, lemme know, I have a referral code that'll get you and me both a free month of service) provides hardware (Eero 6+) with a baked in ad-blocker I've found surprisingly effective. They're a reseller who have no call center, they do their support via text/email, but I've found them surprisingly responsive. They're new though, so caveat emptor.

@cautionwip Oh wow! I did not know there was such a thing. Glad that they have something. I live in Washington state, so I do not get the cool Canadian internet down here.