Google is once more serving up malicious websites in more prominent positions than legitimate pages in its search results. This time around it’s within search results for some users looking for AMD driver downloads, according to a Reddit user on the popular PC Master Race subreddit (via PC World).
The link in question wasn’t part of the search results proper but of Google’s context-aware curated ad links, which can appear above search results. We have been unable to replicate the results, but can confirm the malicious website shown in the Reddit poster’s search results is real enough.
The site mimics AMD’s official website design and branding, including the use of AMD IP, and links to an extremely dubious .exe file for download under a heading of “Auto-Detect and Install Driver Updates for AMD Radeon Series Graphics and Ryzen Chipsets”.
Needless to say, we absolutely do not recommend you navigate to the website, let alone download the .exe file.
This is far from the first time something like this has happened: phishing scammers bought Google ad slots to impersonate WhatsApp last month, and last year a fake EVGA website created around the Memorial Day sales event was given more prominence than the official page in search results. But it’s particularly disappointing to see Google linking to what is clearly not a legitimate website and thus facilitating the distribution of malware at the top of a search results page.
While the malicious nature of the website ought to have been obvious to Google, at a glance it could well be convincing enough for casual PC users. It’s fully branded with AMD logos. It even has a few functioning hyperlinks that send users to legitimate parts of AMD’s official website.
Of course, it doesn’t bear close inspection, with most of the links redirecting in circular fashion to the same highly dubious URL. But it’s not at all hard to imagine someone landing on the page, seeing the nice big ‘download’ and firing away.
We’re not sure what nasties are contained in the malicious .exe file. But hopefully you’ll forgive us for not sacrificing a Windows installation to find out.