Threat actors have launched another malvertising campaign on Google Search. While that is not really anything to write about anymore in this day and age, this time is special.
Not only did the threat actors manage to plant scam ads on Google, they also impersonated Google’s entire product line and used Google domains for the scams. If that is not something to write about.
The story comes from Malwarebytes. Security researchers at Malwarebytes discovered the campaign.
Here are the details:
- The campaign was run on Google Search.
- The threat actor used Google’s Looker Studio service to show the google.com domain as the address.
- The ads targeted Google {product}, e.g., Google Translate or Google Flights.
Even after Malwarebytes reported the ads to Google, ads that impersonated official Google products continued to show up on Google Search.
Looker Studio is a service by Google that creates “interactive dashboards and beautiful reports” from data.
The scammers used the service to display a copy of the Google Search homepage. The homepage is just an image with a hidden link. When the victim clicks on the image, the link is triggered.
The user is then redirected to fake Microsoft or Apple alert pages. According to Malwarebytes, these go into full-screen mode and play a recording. The alerts suggest that something is not right.
They display a number to call for support and also a form to type the Microsoft account name and password.
Calls land in overseas call centers that try to scam the callers into purchasing gift cards or logging into their bank accounts to pay for the support.
The URL used in this case is on a Microsoft Azure domain, which is designed to instill further trust.
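A defender-side check for the chain described above, as an added example that is not from Malwarebytes or this article: it flags search-ad clicks that land on user-published content under a trusted vendor domain, and follow-on navigations from there to another vendor's hosting. The event format, the function names and the Azure hostname suffixes are assumptions; the article does not name the Azure domain involved.

```python
from urllib.parse import urlsplit

# Hosts where anyone can publish content under a well-known vendor's domain.
# lookerstudio.google.com is the service named in the article; the Azure
# suffixes are assumptions (the article does not say which one was used).
USER_CONTENT_HOSTS = {
    "lookerstudio.google.com": "Google Looker Studio",
    "azurewebsites.net": "Microsoft Azure",
    "web.core.windows.net": "Microsoft Azure",
    "cloudapp.azure.com": "Microsoft Azure",
}

def user_content_platform(url):
    """Return the platform name if the URL is user-published content, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for suffix, platform in USER_CONTENT_HOSTS.items():
        # Match the exact host or a subdomain, never a bare string suffix,
        # so "notlookerstudio.google.com" does not match.
        if host == suffix or host.endswith("." + suffix):
            return platform
    return None

def flag_ad_chains(events):
    """events: (source, url, referrer) tuples in time order.
    Flags an ad click landing on user content, and any follow-on
    navigation from that page to user content on another platform."""
    findings, ad_landings = [], set()
    for source, url, referrer in events:
        platform = user_content_platform(url)
        if platform is None:
            continue
        if source == "search_ad":
            ad_landings.add(url)
            findings.append(("ad_to_user_content", url, platform))
        elif referrer in ad_landings and platform != user_content_platform(referrer):
            findings.append(("cross_platform_redirect", url, platform))
    return findings

# Constructed sample events (not real indicators).
SAMPLE_EVENTS = [
    ("search_ad", "https://lookerstudio.google.com/reporting/EXAMPLE-ID", None),
    ("link", "https://example-alert.azurewebsites.net/index.html",
     "https://lookerstudio.google.com/reporting/EXAMPLE-ID"),
    ("search_ad", "https://translate.google.com/", None),
]

if __name__ == "__main__":
    for finding in flag_ad_chains(SAMPLE_EVENTS):
        print(finding)
```

The point of the check is that a trusted registrable domain in the address bar says nothing about who authored the page when the host is a publishing service.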
Closing Words
There is not much to like about ads nowadays. They slow down web browsing, use additional bandwidth, collect data about users, and may be distracting. If that is not enough, they may also push scams, as seen over and over again.
The only positive thing about ads is, in my opinion, that they allow certain services or publications to exist. There are no viable alternatives. While subscriptions are picking up, this won’t work for everyone, as users already seem to be fed up with the ever-increasing list of services asking for monthly or yearly payments.
More safeguards need to be in place to prevent blatant abuses like the one discovered by Malwarebytes.
What is your take on this? Feel free to leave a comment down below.
– Advertisement, globally and, for our concern, on the Web, is increasing madly.
– Malvertisement is not seriously handled, mainly by Google.
– “Even after Malwarebytes reported the ads to Google, ads that impersonated official Google products continued to show up on Google Search.” is maybe the worst, if not the most relevant of a company’s concern for users of the Web, those anyhow, a majority unfortunately, who use the company’s services, Google Search to start with.
As I see it, what is sad is that it is the very users of the web that allow such companies to inflate and become a public enemy without being the public’s enemy. Administrations and justice could bring to the attention of all what Google really is, ABC could be split up… a majority of users would nevertheless carry on with Guru Google, that’s just the way it goes. A former US president had evoked that his aura was such that he could shoot anyone on 5th Avenue and not be worried… same applies to Google: the company has gained such a fame that the blind, intoxicated, addicted to the company just wouldn’t even consider changing anything about their Google-driven approach of the Web.
For those of us who do care for ourselves, for our privacy, for our tranquility, avoiding Google products and services is feasible, alternatives exist, so what are we waiting for?
I started using Google Search again since other search engines such as Qwant, DDG and Startpage are next to useless at finding stuff. Startpage even started bombarding me with Captchas just to use it, probably because I’m always logged into Mullvad coupled with their SOCKS 5 proxy.
But I only use the context menu to search with and never Google’s home page. Still it’s an interesting concept that bad actors are resorting to these days and provides Google with something to do to alleviate the problem instead of just bombarding users with ads all day.
Hello Martin sir!
I am a long time reader of yours since ghacks. I have feedback. Please make the text size in this article bigger. I mostly read your articles on Android and I find it quite difficult to read tiny text.
Hi! Anyone else reading on Android who thinks the text size is too small?
Maybe you could use the zoom feature of the browser?