Google Ad serving fake OBS website with Malware

[Medievaldragon]

1. I opened Google.
2. I typed OBS studio.
3. The first option at the top was: https: //project-obs / org

The website looks exactly the same as the official OBS Studio. None of the links for download, blog, and Help worked. When I clicked the forum link (or the download one) my Malware app blocked the loading page with a warning.

I looked back and the OBS result was actually an Ad.

 

[riprof]

Just wanted to confirm this is happening -- and that the potential consequences are serious.

I did an update to 28.1.2 on 12/6/2022 on my home office PC, and apparently downloaded one of the infected installers. The install worked fine, but I see now the file was 655MB instead of ~120MB.

Two days later, several social media and email accounts of mine were compromised and vandalized, and most seriously, someone made >$12,000 purchases with my Amazon account.

Running Avast, Malwarebytes, and Hitman, some sort of trojan was present with all the relevant directories created at the time of the OBS install, and a "sys64.exe" file in the OBS \local\appdata directory.

I of course feel like an idiot, I know better than to not watch out for fake download sites, but I admit I was frazzled after a very late night in the hospital with a family member then unexpectedly needing to do a video presentation first thing the next am. I imagine I clicked on the first google return and then the dl link and just wasn't paying attention.

 

[R1CH]

Many of the samples we see are unfortunately not fully detected by antivirus engines, if you want to be 100% safe I would recommend wiping and reinstalling. This isn't limited to OBS either - never click search engine ads for any software.

https://twitter.com/FBI/status/1606024327614308360