A few months ago, we warned that malevolent people were buying Google ads leading people to fake #GIMP websites to trick them into downloading malware.
Apparently this is still continuing to this day (as was reported to us). Google is still not blocking these fake ads despite the many reports and articles which have happened for months now. 😓
Be careful and always make sure where you download your software from. Also, the GIMP project doesn't buy ads!
https://floss.social/@mithrandir@defcon.social/109773987578181949
@GIMP I don’t understand who the main target for this is. You have to be knowledgeable enough to know what GIMP is, but fool enough to not recognize a scam or phishing website? I guess enough people are falling for it to make it worth their while?
@austincnunn GIMP is known by many people, even those who have no idea what Free Software is.
Last I had access to reliable download numbers (it was a few years ago), we had about 50 thousand downloads a day of the Windows installer only. I.e. people going to our website and clicking the download button.
If attackers can get just a tiny percent of these downloads through ads, it will still be a lot.
Also, phishing websites are perfect copies of ours (except for the installer, which is malware).
@GIMP The download numbers are always misleading. Do you have a rough active-install number? (not doubting anything else you said, just curious now)
@GIMP
Best case, they could just be counting the number of requests made to their update servers for each Store app.
Worst case, Windows could be regularly sending detailed telemetry on application usage in general.
Given Microsoft's data-rapacious business model, I suspect the latter is closer to reality.
@austincnunn