Microsoft support scam uses fake Amazon advertisements

August 23, 2023

A new Microsoft support scam operation is leveraging a legitimate-looking ad for Amazon in Google search results. Based on reports, the ad redirects visitors to a Microsoft Defender tech support scam that could lock up their browsers.

Earlier this week, a researcher received a report about a seemingly valid Amazon advertisement in the Google search results that may have been malicious. The ad displays Amazon’s legitimate URL, just like the company’s typical search result.

However, once a visitor clicks on the Google ad, it redirects the person to a tech support scam that poses as an alert from MS Defender. The alert states that the visitor is infected with malware dubbed ads(exe).finacetrack(2).dll.

The Microsoft support scam will force itself on the user by going into full screen.

According to investigations, the new Microsoft support scam immediately goes into full-screen mode once users access the Amazon ad on Google search results. The tactic makes the page more challenging for visitors to exit without terminating the Google Chrome process entirely.

However, when a user terminates Chrome, the browser prompts them on relaunch to restore the previously closed pages, which reopens the support scam.

In a related incident, researchers discovered a legitimate-looking YouTube ad using the platform’s URL, resulting in the same tech support scam. Researchers continue to question why Google allows such ads to impersonate other companies’ URLs to create these deceptive advertisements.

In addition, the concerned researchers have already contacted Amazon and Google about the malvertising campaign. Unfortunately, both entities have yet to address the questions or the incidents.

Threat analysts explained that Google Ads has been primarily exploited for the past few months by various threat groups to launch malware strains. Some of these campaigns have resulted in ransomware attacks.

The scammers have generated almost-perfect replicas of legitimate websites but replaced the download links so that they deliver trojanised software that installs malware.

Therefore, cybersecurity experts recommend that individuals refrain from accessing ads, especially those at the top of search results, since most of these are boosted by scammers to make their attacks more efficient. Lastly, review URLs before accessing any website to mitigate or prevent the effects of such campaigns.
