— Gabriel Landau (@GabrielLandau) October 25, 2018
In a video that Landau posted on his Twitter account, he showed how he searched for “download chrome” on Bing through the Microsoft Edge browser. He clicked on the first link that appeared, which was marked as from “,” leading to what appeared to be the legitimate Google Chrome download page.
However, upon closer inspection, the URL for the page is “googleonline2018.com.” The page is not an exact replica of the official Google Chrome landing page, but it looks real enough to trick users. In addition, clicking on the Download Chrome button starts the download for, but checking the file’s properties reveals that it is digitally signed by a company named Alpha Criteria, which is obviously not Google. It is very likely that the fake file contains malware.
An investigation by How To Geek revealed that the fake website is actually marked as a “deceptive site” by Google Chrome, but it is not flagged as such by Microsoft Edge and Bing. The Bing search result could be reproduced on some systems, but not all, and it appeared only in Microsoft Edge.
The major issue here is that Bing is apparently not checking the URL of the search result, allowing what is likely malware to be downloaded by unsuspecting users. Making matters worse is that Bleeping Computer reported the same advertisement in April, so this is a recurring issue.
A Microsoft spokesperson reached out to How To Geek to say that the fake ad has been removed from Bing, and that the account associated with the malicious content has been banned. However, there was no explanation of why the ad was marked as from “,” and no assurance that the ad will not reappear after a few months.
The issue drives home the point that users should always be extra careful about downloading anything from the internet. Even if websites and links look legitimate, it is always best to check everything thoroughly to prevent headaches from malware infections.
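The signature check described above (looking at who signed the downloaded file) can be scripted instead of read from the file's properties dialog. The following is an added example, not part of the original article; the function name, the file path and the expected publisher string are assumptions chosen for illustration.

```powershell
# Added example: confirm who signed a downloaded installer before running it.
# Test-InstallerPublisher is a hypothetical helper name, not a built-in cmdlet.
function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Unsigned, tampered or untrusted files fail here, whatever the file is called.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Trusted = $false
            Signer  = $null
            Reason  = "Signature status: $($sig.Status)"
        }
    }

    # Simple name (normally the CN) of the certificate that signed the file.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # A valid signature only proves that *someone* signed the file. The case in
    # the article is exactly this branch: a valid signature from another company.
    # Compare the whole name (case-sensitive); a substring match would accept
    # look-alike publisher names.
    $match = $signer -ceq $ExpectedPublisher
    $reason = if ($match) { 'Signer matches expected publisher' }
              else { "Signed by '$signer', expected '$ExpectedPublisher'" }

    [pscustomobject]@{
        Path    = $Path
        Trusted = $match
        Signer  = $signer
        Reason  = $reason
    }
}

# Placeholder path; 'Google LLC' is an assumed publisher name that should be
# confirmed against the vendor's current signing certificate.
$file = Join-Path $env:USERPROFILE 'Downloads\installer.exe'
if (Test-Path -LiteralPath $file) {
    Test-InstallerPublisher -Path $file -ExpectedPublisher 'Google LLC'
}
```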