Google ads can lead you to scam sites

Cybercriminals exploiting a robust platform like Google Ads to conceal malware is a scenario we hadn’t foreseen. Nonetheless, a recent report published by a dedicated cybersecurity source describes an ongoing situation that demands our attention if we are to avoid falling prey to an attack.

According to reports from Bleeping Computer, an alert reader shared insights about a security issue discovered within Google ads. Upon inputting the keyword “Amazon” into the Google search field, the initial result displayed—a sponsored listing—was, in fact, not an authentic advertisement originating from the reputable e-commerce behemoth.

An Alarming Revelation

The core of this threat is the attacker’s manipulation of Google search results to carry out URL phishing. The first result, a sponsored Amazon ad, displays the genuine link to the online store: https://www.amazon.com.

Ordinarily, when we see a URL in a search result, we trust what Google presents and click without apprehension. The problem is that the actual destination does not match the URL displayed. Web experts who clicked on the link found themselves redirected to a fraudulent webpage. This happened with Amazon’s US site, .com, although similar incidents affecting local versions cannot be ruled out.
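The mismatch described above, between the URL an ad displays and the page a click actually lands on, can be checked mechanically. The following Python sketch is an added example, not code from Bleeping Computer or Google; the redirect chains, the `.example` hosts and the function names are constructed for illustration, and it assumes the advertiser's real domain is known in advance.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return the lowercase hostname a browser would actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_ad(display_url, redirect_chain, advertiser_domain):
    """Compare what the ad shows with where the click finally ends up.

    redirect_chain is the ordered list of URLs recorded while following the
    click. Intermediate hops (click trackers) are allowed to be third-party;
    only the final landing host must belong to the advertiser.
    """
    findings = []
    shown = host_of(display_url)
    if not belongs_to(shown, advertiser_domain):
        findings.append(f"display host {shown!r} is not under {advertiser_domain}")
    if not redirect_chain:
        findings.append("no landing URL recorded")
        return findings
    landing = host_of(redirect_chain[-1])
    if not belongs_to(landing, advertiser_domain):
        findings.append(f"landing host {landing!r} does not match displayed {shown!r}")
    return findings

# Constructed sample records: name -> (displayed URL, recorded redirect chain).
SAMPLE_ADS = {
    "legitimate": ("https://www.amazon.com",
                   ["https://ad-click.example/c?id=1", "https://www.amazon.com/deals"]),
    "scam_landing": ("https://www.amazon.com",
                     ["https://ad-click.example/c?id=2", "https://support-alert.example/defender"]),
    "lookalike_suffix": ("https://www.amazon.com",
                         ["https://amazon.com.support-alert.example/"]),
    "userinfo_trick": ("https://www.amazon.com",
                       ["https://www.amazon.com@support-alert.example/"]),
}

def audit(ads, advertiser_domain="amazon.com"):
    """Run check_ad over every record and return findings per ad name."""
    return {name: check_ad(shown, chain, advertiser_domain)
            for name, (shown, chain) in ads.items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ADS).items():
        print(name, "->", findings or "ok")
```

All four sample ads display the same genuine-looking URL; only the landing host in the recorded chain tells them apart.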

Subsequent Events

Clicking on the counterfeit Amazon link within the Google ad leads to a fabricated Microsoft website that poses as Microsoft Defender antivirus support. The webpage claims that the computer is compromised by the ads(exe).finacetrack(2).dll malware file, which it classifies as a Trojan, and asserts that computer access has been suspended as a security measure. A phone number, +1 (884) 658-1428, is also provided; this is not an authentic Microsoft contact but a component of the scam. The page further displays “deny” and “allow” buttons.

Do not click either button, as doing so triggers the malware download, which then infects the computer. If the browser appears trapped in full-screen mode, the only recourse is to close Chrome.

If you restart the browser and choose the restore function, the malware page will reload, so restoring serves no purpose. If you did not click anything on the fraudulent page, there should be no exposure to infection or security risks. Exercise caution with imitation pages like this one, which masquerade as authentic to lure us into misguided clicks.

This is not the first incident of its kind. A similar scenario was reported the previous year involving a YouTube ad. Although the ad displayed the genuine URL of the social video platform, users who clicked it were directed to a counterfeit page laden with malware. Similar threats have emerged since, and Google is expected to address these concerns and stop cybercriminals from exploiting its advertising platform.

Considering Google’s dominance in the online advertising realm and its history of swift and effective response to incidents, there’s little doubt they will rectify this issue promptly. Additionally, the occurrence appears relatively isolated, reducing the likelihood of encountering it. However, exercising caution while clicking remains imperative.