According to Bleeping Computer it appears that a problem has arisen with Google Authenticator. An excerpt follows: “Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. For years, malicious advertising (malvertising) campaigns have targeted the Google search platform, where threat actors place ads to impersonate well-known software sites that install malware on visitors' devices. To make matters worse, threat actors have been able to create Google search ads that show legitimate domains, which adds a sense of trust to the advertisement. In a new malvertising campaign found by Malwarebytes, threat actors created ads that display an advertisement for Google Authenticator when users search for the software in Google search. What makes the ad more convincing is that it shows 'google.com' and "https://www.google.com" as the click URL, which clearly should not be allowed when a third party creates the advertisement….” Currently it appears that Google is not detecting when these impersonations and “Malvertisements” are created on the Google platform. While Google is working to increase the scope and accuracy of its automated systems, clearly this is not only a problem but a substantial risk to any user who is onboarding Google Authenticator. See the article: https://www.bleepingcomputer.com/news/security/google-ads-push-fake-google-authenticator-site-installing-malware/