Watch out – that Amazon or Microsoft ad could just be malware

Advertising fraud on trusted internet platforms such as Google is on the rise again, according to a new report from Malwarebytes.

In a blog post, Jérôme Segura, Senior Threat researcher at the company explained how criminals abuse legitimate advertising services to get malicious links in front of unsuspecting victims. 

As it turns out, the criminals are able to buy ad space on Google Ads, for example, which ensures that their ad will show up at the very top of Google’s Search Engine Results Pages (SERP). 

Fake ads

The scammers would then create a fake ad for a popular company with millions of monthly searches, such as Amazon, for example. 

Given that people usually click on whatever link shows up at the top of the SERPs, the researcher claims, having a malicious link appear there is very dangerous.

These ads, which impersonate major brands, are done in a way that bypasses Google’s filtering mechanisms and are even able to display legitimate links. In a screenshot showing one such example, the legitimate Amazon link is clearly visible, even though that’s not the website the victim ends up visiting, should they click the ad.

The victims that end up clicking the ad are usually shown a fake antivirus scan claiming their computer has a virus and needs to be cleaned with the help of a professional. The “professional” would then usually trick the victim into downloading remote desktop solutions, which opens the doors for countless other malware. In other instances, the victims would be shown a landing page mimicking the login prompt for popular services such as Amazon, Microsoft, or Google.

Tackling the issue isn’t that straightforward, the researcher also says, describing malvertising as “a complex issue” that generates billions of daily ad impressions. Still, the best way forward is for businesses to educate their employees and users about malvertising.

Still, “we can’t blame them for clicking on paid ads that are supposedly verified as trusted,” he concludes.

Like this post? Please share to your friends: