In a concerning revelation, a seemingly legitimate ad for Amazon in Google search results has been found redirecting users to a tech support scam that locks up their browser. The scam, posing as an alert from Microsoft Defender, claims that the user’s device is infected with malware. This alarming occurrence was recently brought to the attention of BleepingComputer, a prominent cybersecurity news outlet.
When users click on the deceptively genuine-looking Google ad, they are redirected to a page displaying a fake alert from Microsoft Defender. The page claims that the user’s device is infected with the ads(exe).finacetrack(2).dll malware. To further deceive users, the scam site automatically goes into full-screen mode, making it difficult for victims to exit the page without terminating the Google Chrome process.
After the Chrome process is terminated, relaunching the browser prompts the user to restore the previously closed pages, and restoring them reopens the tech support scam. This tactic prolongs the scam and increases the chances of unsuspecting users falling victim to it.
BleepingComputer has provided a visual demonstration of the fake Amazon Google ad leading to the tech support scam site. The video reveals the extent of the scam and highlights the urgent need for action to protect users from such malicious activities.
This incident is not the first of its kind. In June 2022, cybersecurity firm Malwarebytes uncovered a similar case involving a legitimate-looking YouTube ad that also led unsuspecting users to the same tech support scam. It remains unclear why Google’s ad system allows advertisers to impersonate URLs of reputable companies, enabling the creation of convincing advertisement scams.
BleepingComputer reached out to both Google and Amazon for comment regarding this malvertising incident, but as of the time of publication, no response had been received. This incident highlights the growing abuse of Google advertisements to distribute malware. Threat actors have increasingly exploited Google’s ad system in the past year to distribute malicious software, with some cases resulting in devastating ransomware attacks.
These threat actors often create fake replicas of legitimate websites and manipulate the download links to distribute trojanized programs that install malware on unsuspecting users’ devices. In some instances, ransomware operations such as the Royal group have used malicious Google advertisements to promote websites that install Cobalt Strike beacons. These beacons serve as backdoors, providing initial access to corporate networks for conducting devastating ransomware attacks.
As the abuse of online advertising systems continues to pose threats to users’ security, it becomes imperative for platforms like Google to strengthen their security measures and proactively combat these malicious activities. Users are advised to exercise caution when clicking on ads and to rely on reputable sources for software downloads to mitigate the risk of falling victim to such scams.