Fraudulent advertising with Google products
Brazen scammers are placing malicious ads for various Google products. Anyone who falls for them ends up with fake tech support.
The search returns spam, malware and scams.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Online fraudsters are becoming increasingly brazen: IT security researchers at Malwarebytes have discovered a malvertising campaign in which criminals have imitated Google's entire product range in advertising and redirected victims to fake Google websites.
(Image: Malwarebytes)
The source of the scam is a Google service called Looker Studio, in which the fraudsters embed fake Google pages as graphics. Clicking on it ultimately leads to the target website, which offered fake support for the victims in this campaign.
Fraud scam: "Keyword insertion" mechanism abused
In order to appear in the search results for Google products, the perpetrators misused a Google mechanism called"keyword insertion" and stored {keyword:google) there. According to the description, Google replaces the code with keywords from the customer's ad group, but if it cannot do this, it uses the specified keyword.
According to the findings of the IT researchers, the advertiser does not seem to know that the account has been compromised. It already appeared in a campaign at the end of June for a malware-ridden Brave browser and in a phishing campaign. Following the report to Google, the fraudsters opened a new advertising customer account that could be used to display advertising despite the pending identification check. The advertising with the reported account ended up at lookerstudio.google.com, while the new account referred to maps.google.com.
An image of the Google search page was embedded on the target website. After clicking on the image, the user is redirected to a website hosted in Microsoft's Azure cloud, which switches the browser to full-screen mode and plays a recording. In addition, pop-up windows display telephone numbers for supposed technical support. According to Malwarebytes, many victims fall for this. Victims are persuaded to buy gift cards or log into their bank account to pay for repairs.
Malvertising is a persistent problem. Cyber criminals are constantly trying to find victims. Most recently, for example, through fake advertising for the popular Arc web browser or administration tools such as SSH or FTP clients.
(dmk)