A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a tech support scam.
“While brand impersonation is commonly done via tracking templates, in this instance the fraudsters relied on keyword insertion to do the work for them,” Malwarebytes explains. “This is particularly useful when targeting a single company and its entire portfolio.”
The scammers are abusing Looker Studio (another Google product) to trick users into thinking something is wrong with their computer. When a user clicks on the malicious ad, Looker Studio will display a full-screen image of Google’s home page. This image contains a hyperlink that will take the victim to a page that displays a fake Microsoft or Apple alert page with a phone number to call for help. Once the scammer has the victim on the phone, they’ll attempt to trick the victim into installing malware or handing over sensitive information.
Malwarebytes has reported this campaign to Google, but the criminals can use the same tactics to spin up similar operations.
“Malicious ads can be combined with a number of tricks to evade detection from Google and defenders in general,” the researchers write. “Dynamic keyword insertion can be abused to target a larger audience related to the same topic, which in this case was Google’s products. Finally, it’s worth noting that in this particular scheme, all web resources used from start to finish are provided by cloud providers, often free of charge. That means more flexibility for the criminals while increasing difficulty to block.”
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Malwarebytes has the story.