Malwarebytes, a cybersecurity company, revealed on Thursday that it had found a "major" malvertising campaign that was misusing Google ads. The unsettlingly realistic Google Search ads for YouTube direct users to tech support scams that pose as Windows Defender security alerts.
This malvertising campaign is particularly worrisome because it demonstrates how threat actors might produce ads that pose as legitimate companies in order to disseminate malware, phishing websites, or other kinds of attacks.
A tweet from Malwarebytes shows that the malvertising campaign is still active on Google Search at the moment.
How Does the Scam Work?
According to BleepingComputer, the first ad displayed in search results for "YouTube"-related searches is labeled "YouTube - Best of YouTube Videos" or "YouTube.com - YouTube - Best of YouTube videos for You."
However, clicking the ad takes you not to the YouTube website but to a tech support scam masquerading as a security alert from Windows Defender.
Nothing about the advertisement appears strange because it displays the exact URL for youtube.com and extra advertising elements underneath the ad.
Tests on the Misleading Advertising Campaign
Fortunately, BleepingComputer did some tests, saving us the trouble. The news outlet discovered that the fake tech support sites could be accessed at https://matkir[.]ml and https://159.223.199[.]181/. The scam page then alerts users that "Windows was blocked due to questionable activity" and that "Ads.financetrack(2).dll" Trojan spyware has been detected by Windows Defender.
Upon dialing the number provided in the malvertising campaign, the "support technician" instructed BleepingComputer's team to download and install TeamViewer on their machines.
For security reasons, the installation was stopped by the team. However, the scammers most likely would have utilized TeamViewer to take over the computer and "repair" the issue.
The scammers, according to BleepingComputer's warning, would typically lock your computer in some way or claim that it is infected and that you need to buy a support license. In either case, the victim is left with a costly support agreement that serves no purpose.
Good News for VPN Users
However, there is positive news from BleepingComputer as well. The good news for VPN users is that the fraudulent sites check whether you are using a VPN and, if so, reroute you to the official YouTube site.
Various Scams Are Attacking Even iPhone Users
As previously reported, in order to uphold its commitment to protecting customers' privacy, Apple has developed distinctive methods of its own. As a result, its App Store has come under scrutiny for not allowing third-party services to operate in its ecosystem.
However, many fraudulent apps that can harm iPhone users have lately been found in the App Store. Consequently, these scam apps have made iPhone users vulnerable.
In March 2021, Avast uncovered 133 scam apps. However, 84 of those applications are still available on the Apple App Store even after 15 months.
With 500 million downloads, these "fleeceware" apps have made $365 million in income. It's crucial to remember that these apps don't necessarily steal their customers' data; instead, they put users in jeopardy through hidden fees.