Search Ads Become Channels for Malicious Apps... Naver Strengthens Response

Malicious Apps Distributed via Powerlink Ads When Searching for Telegram and KakaoTalk
Naver: "Immediate Block and Enhanced Monitoring"

Telegram Malware App Found on Naver Search. Image Provided by Office of Minhee Choi

After downloading Telegram through 'Powerlink,' Naver's search advertising platform, malware was discovered within the app, prompting a warning for users to exercise caution.

According to Minhee Choi, Chairperson of the National Assembly's Science, ICT, Broadcasting and Communications Committee, in mid-November, searching for 'Telegram' on Naver exposed users to a Powerlink ad that led to downloading an app embedded with malware. During the same period, similar Powerlink ads were found when searching for 'KakaoTalk,' 'NateOn,' and other services, which also resulted in the installation of malicious apps.

Powerlink is a search advertising system operated through Naver's verification process, making it a relatively trusted area for users. For this reason, concerns have been raised that users who accessed the links to install legitimate apps were exposed to the risk of malware infection.

According to Naver, the structure of search ad operations allows multiple businesses to bid through the advertiser center, and the rights to display Powerlink ads are secured via an auction system. The problematic Powerlink ad was confirmed to be a legitimate site at the time of the ad review, but it was later found to have been altered to a page distributing malware during actual operation.

The exposure period for this malicious Powerlink ad on the search page lasted less than a week. Naver immediately suspended the ad as soon as the issue was identified. Currently, searching for 'Telegram' no longer leads to links containing malware. Naver has stated that it will strengthen its monitoring system to prevent similar incidents from recurring.

Chairperson Minhee Choi stated, "The fact that Naver Powerlink was used for phishing and malware distribution indicates a neglect of the platform's fundamental security responsibilities," and emphasized, "Even after selecting Powerlink advertisers, it is essential to block the possibility of tampering through post-management."