A nasty new malware campaign has been identified, abusing Google’s advertising system to lay the groundwork for all sorts of cyberattacks.
Earlier this week, Malwarebytes cybersecurity researchers discovered that unknown threat actors had purchased an ad that appears at the top of Google’s search engine results pages whenever someone types in the keyword “YouTube” or other relevant keywords. The particularly bad part is that it’s impossible to tell the fake ad from a legitimate one: it displays an authentic link and carries all the usual line items. In other words, even the most careful user could fall for the scam.
Doubts appear only after the link has been clicked. Instead of redirecting the victim to YouTube, the link takes them to a fake Windows Defender site with a pop-up saying that the computer is infected with a Trojan. The pop-up states that the victim should immediately call Windows Defender technical support or face a “complete malfunction” of their endpoint.
BleepingComputer called the number provided on the screen and was connected to an overseas call center where a “support engineer” asked them to download and run the TeamViewer remote desktop software. The publication did not pursue the scam further, as it is safe to assume that the scammers would have used computer access to install some type of ransomware or similar device-blocking malware.
In all likelihood, they would then proceed to request payment for a “premium service” or something else, in exchange for the return of the victim’s device. Although we have not been able to independently verify if the campaign is still active, the latest Malwarebytes tweet would suggest it is. The easiest way to avoid the scam, it was said, is to have a VPN service running, as the fake site will scan your device for any VPNs and, if it finds one, redirect the device to the legitimate YouTube site.