Google Ads with convincing ‘YouTube’ content lead to Windows support scams

A realistic-looking Google Search advertisement for YouTube is directing visitors to tech support scams that pose as security alerts from Windows Defender.

Malwarebytes, a cybersecurity company, revealed today that it had found a “large” malvertising campaign that was abusing Google Ads.

The first ad that appears in search results for “YouTube”-related keywords is labeled “YouTube – Best of YouTube Videos” or “YouTube.com – YouTube – Best of YouTube videos for You.”

The advertisement shows the correct YouTube.com URL and even displays additional ad elements underneath it, so nothing about it seems strange.

However, clicking the advertisement takes you not to YouTube but to a tech support scam masquerading as a security alert from Windows Defender.

According to BleepingComputer, the tech support scams are hosted at http://matkir[.]ml and http://159.223.199[.]181/. They tell visitors that “Windows was barred due to dubious behaviour” and that Windows Defender found the “Ads.financetrack(2).dll” Trojan spyware.

The good news for VPN users is that the fraudulent sites check whether you are using one and, if so, redirect you to the official YouTube site.

We were connected to a foreign call center when we dialed the number provided on the scam website, and the “support professional” asked us to download and install TeamViewer on our computers.

They probably would have utilized TeamViewer to take control of our machine to “repair” the mistake, even if we didn’t let the installation finish.

The scammers would typically attempt to lock your computer or claim that it was corrupted and that you needed to buy a support license. Either outcome results in a pricey support agreement that offers the victim no advantages.

A tweet from Malwarebytes shows that the malvertising campaign is still active on Google Search at the moment.

This malvertising campaign is particularly ominous because it demonstrates how threat actors might produce ads that pose as legitimate businesses in order to disseminate malware, phishing websites, or other kinds of attacks.

Google has been contacted by BleepingComputer with inquiries regarding the advertisement, but as of right now, no response has been received.
