By Adam Kujawa, malware intelligence analyst, Malwarebytes
Various download sites have been plastering ads all over their pages for years, some of which are just for other types of software and some of them are for services. However, a new trend among these ads has emerged, adding an extra download button where there should not be one. Many users have been falling for this simple trick of putting in a big and shiny download button in ads as a method of tricking people into clicking it when they try to download the file they want. This trickery is not only annoying and confusing but also opens an avenue for redirects to malicious sites that can exploit your browser and infect you with malware.
The trick is actually very simple and obviously effective as the ads continue to obtain attention and therefore the use of this method continues. In some cases, they are obviously fake, but in others it requires actually looking at the link and seeing where it points in order to determine whether or not link is legit or not. I will be showing numerous examples of this method in use that I obtained from real download sites and discussing each one.