Security Affairs
Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts warn of threat actors abusing Google Alerts to deliver unwanted programs

Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to […]

Google Alerts abuse

Experts warn of threat actors using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs.

Experts from BleepingComputer are warning of threat actors that are using Google Alerts to promote a fake Adobe Flash Player updater that delivers unwanted programs. Bad actors publish posts with titles containing popular keywords to allow Google Search to index the content.

Google Alerts is a content change detection and notification service, it sends emails to the user when it finds new results (i.e. web pages, newspaper articles, blogs, or scientific research) that match the user’s search term(s).

Upon indexing the content, Google Alerts will alert people who are searching those specific terms.

Clicking on the links sent by Google Alerts related to the matches in the fake stories, users are redirected to malicious sites under the control of the threat actors the threat actor’s malicious site.

However, experts pointed out that visiting the URL of the fake stories directly, the website will state that the page does not exist.

Bleeping computer experts observed multiple campaigns abusing the Google notification service.

“This weekend, BleepingComputer observed the fake news stories redirecting to a new campaign that states your Flash Player is outdated and then prompts you to install an updater.” states BleepingComputer.

Google Alerts abuse
Source BleepingComputer

Once Clicked the ‘Update’ button, the victim will download a setup.msi file that installs a potentially unwanted program called ‘One Updater.’

Even if “One Updater” is not a malware, we cannot exclude that this technique could be used by threat actors to deliver and execute malicious payloads in future attacks.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Google Alerts)

[adrotate banner=”5″]

[adrotate banner=”13″]