Fake links to Notepad++. Beware of results on Google
When using Google search, one must be careful with the first, sponsored results on the list. Scammers constantly use the option to purchase advertisements to direct people to rigged sites who want to download authentic software. The latest campaign involves Notepad++.
7:23 PM EDT, October 18, 2023
Bleeping Computer warns of the hazard, citing Malwarebytes and pointing out that in this case, the scammers didn't even bother to create an authentic-sounding domain for their own site. The problem pertains to the popular Notepad++ editor, under whose official distribution site someone is attempting to masquerade. In Google, you can come across doctored, sponsored links, which lead to the download of an infected version of the software.
Interestingly, in this case, it is not entirely clear what harmful software is ultimately downloaded to the victim's computer in the form of a payload. However, Malwarebytes warns that we are dealing with the Cobalt Strike software, which can be used for various types of attacks. It's a tool that originally emerged as software for simulating advanced attacks, but over time it began to be used by authentic attackers as well.
False links among Google search results is a problem that has been reported for some time. The fact that such fakes make it to the search engine as sponsored links can be infuriating, yet this doesn't change the fact that the user should be cautious and consciously use the search engine, paying attention to which links they click. A simple ad-blocker can serve as a safeguard, most likely cutting out the first links that are advertisements from Google.
In the context of fake links in Google, it's important to remember that not all such manipulated sites are easy to identify, as in the case of the scam involving Notepad++ app. We recently mentioned a similar case with the Webex program, where identifying the scam was not that obvious.