Hey all!

While investigating some malvertising campaigns today, I noticed that one of the sponsored Google search results, upon hovering, appeared to be changing/resolving through rather than simply showing what link was being used by the result.

Any ideas as to how this hover URL result works and if you can disable resolving/force top-level results upon hovering over anchor elements?

Malvertising is hot hot hot!

  • @stevedidwhat_infosecOP
    115 days ago

    So when you hover over an item usually, it shows on the bottom left/right what the link is

    But in this case (Edge and Chrome) I see the link actively changing and like resolving or something of the sorts. Very odd. I don’t normally use these two but it was the only way I could see the sponsored links (thanks Firefox!)

    Normally I’d expect just a static “this link here, goes here” rather than it changing in real time like this. Wondering if it’s normal Chrome/Chromium behavior or if this is an exploitation of Google search functionality stemming from the Google search source code leaks from earlier last week or the week prior.

    Very interesting stuff.