Hackers hijack Arc browser Windows launch with malvertising campaign

Bad ads on Google are leading people to malicious sites

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers are taking advantage of the Windows launch of Arc browser to trick victims into downloadingmalware.

Arc is a relatively new internetbrowser, first launched for macOS in the summer of 2023 - and initial feedback from both media and the users was positive enough to prompt the release of a Windows version too.

However, at the same time, unidentified hackers were creating websites with typosquatted domains, seemingly identical to the browser’s actual website. They were also creating ads onGooglewhich, due to certain problems the network has, displayed the legitimate website, but redirected people to the typosquatted one.

Spotting bad ads

This meant customers who wanted to install Arc on their Windows device, and had used Google to search for it, would find an ad in the very top of Google’s search results page.

The ad seemingly pointed to the site’s actual website, but led the victims to a malicious site which offered an infected version of the browser’s installer, hosted on MEGA, for download.

Anyone who downloaded this installer would get the browser, but also malware which, according to initial reports, seems to be an infostealer, although confirmation on the malware’s nature is still pending.

Hackers are always taking advantage of major events and product launches to try and trick people into giving away sensitive data, or downloading malware. Events such as the FIFA World Cup, Olympic Games, Chat-GPT launch,Windows 11launch, and others, have all been abused in the past to deliver bad code to people.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The best way to protect against these attacks is to always type the website address into the browser, instead of “just googling” it. If you don’t know the site, be mindful of the search engine results, and always double-check the characters in the address bar before downloading anything.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)