Watch out - that Amazon or Microsoft ad could just be malware

Just because an ad is on Google, it doesn’t mean it’s clean


Advertising fraud on trusted internet platforms such as Google is on the rise again, according to a new report from Malwarebytes.

In a blog post, Jérôme Segura, Senior Threat researcher at the company, explained how criminals abuse legitimate advertising services to get malicious links in front of unsuspecting victims.

As it turns out, the criminals are able to buy ad space on Google Ads, for example, which ensures that their ad will show up at the very top of Google’s Search Engine Results Pages (SERP).

Fake ads


The scammers would then create a fake ad for a popular company with millions of monthly searches, such as Amazon.

Given that people usually click on whatever link shows up at the top of the SERPs, the researcher claims, having a malicious link appear there is very dangerous.

These ads, which impersonate major brands, are built in a way that bypasses Google’s filtering mechanisms, and they are even able to display legitimate links. In a screenshot showing one such example, the legitimate Amazon link is clearly visible, even though that is not the website the victim ends up visiting if they click the ad.


The victims that end up clicking the ad are usually shown a fake antivirus scan claiming their computer has a virus and needs to be cleaned with the help of a professional. The “professional” would then usually trick the victim into downloading remote desktop solutions, which opens the doors for countless other malware. In other instances, the victims would be shown a landing page mimicking the login prompt for popular services such as Amazon, Microsoft, or Google.


Tackling the issue isn’t that straightforward, the researcher also says, describing malvertising as “a complex issue” that generates billions of daily ad impressions. Still, the best way forward is for businesses to educate their employees and users about malvertising.

Still, “we can’t blame them for clicking on paid ads that are supposedly verified as trusted,” he concludes.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
