Jannis Kirschner, an independent security researcher based in Basel, Switzerland, searched on Sunday for the desktop version of the popular messaging application Telegram.
The second Google result, an advertisement, led him straight to malware disguised as the desktop version of Telegram for Windows. It was convincing enough at first glance that Kirschner says he “almost fell for it myself.”
It’s a common ploy for malware distributors to use the same advertising tools that online merchants use to lure people. Google patrols its advertising ecosystem to stop abuse, but malvertising remains a persistent problem.