Google keeps recommending ads that will steal your bank data

As an Amazon Associate, we earn from qualifying purchases. TweakTown may also earn commissions from other affiliate partners at no extra cost to you.

The state of web search algorithms are in an interesting state in 2025. AI search summaries headline a good chunk of search results, and the internet is becoming increasingly dominated by AI-generated content.

However, a new threat to look out for has emerged: in the form of sponsored links in search results that contain cURL commands to malware. In this instance, the case involved the software package management tool 'Homebrew', for which users were being served ads that seemingly displayed the correct URL, but redirected users to a malicious link.

Canadian web developer Ryan Chenkie took to X to highlight the discrepancy, urging developers to exercise caution when installing the tool. As reported by Digital Trends, the scam works through a strategy called URL cloaking. Malicious actors create thousands of accounts simultaneously and use text manipulation and cloaking techniques to evade detection. They show reviewers and automated systems safe-looking websites, while regular visitors are redirected to malicious dummy sites

3

From a user perspective, the advice is to check an ad's displayed URL before you click, and to check it after it loads. All it takes is one different character to be redirected to a site that could potentially compromise your personal information. However, for most users, this is not a viable long-term solution.

3

Google is reportedly on the case, "increasing the scale of its automated systems and human reviewers". In the meantime, we'd advise that you install an ad blocking extension (uBlock Origin), or opt for a privacy-focused search engine such as DuckDuckGo.