A link to Amazon on the first page of Google results doesn’t seem like a very risky place to click, in theory. Unless, of course, it turns out that it’s not really a link to Amazon..
And a Windows Defender antivirus window apparently granting you permission to deal with newly detected malware doesn’t seem like a bad decision either. Unless, of course, this window is not Windows Defender. And that, while it’s true that there is malware involved, it’s not the one you think.
And it is that a malicious advertising campaign on Google took users by surprise, after discovering that a series of sponsored ads in the market’s leading search engine falsely used the names of Amazon and Microsoft to spread malware surprisingly effectively.
This is how they deceive you
When searching for the term “Amazon” on Google, the first sponsored result was not a real link to the e-commerce giant, but A redirect to a page that claimed to be a Microsoft Defender antivirus alert.
The cunning thing about this scam lies in the impersonation of the URL. Ads display seemingly authentic URLs to build user trust, who ended up clicking without hesitation. However, this only led them to a website that tried to spoof legitimate system warnings of a malware infection.
In addition, the page expands to full screen, making it difficult to close. The windows they were displaying (actually part of the web page) did not perfectly imitate, precisely, those of Windows Defender (or those of any other antivirus), but many less experienced (and/or very scared) users could also fall into deception.
The user is presented with two buttons “Deny” or “Allow” which, choose the one you choose, will eventually download the malware, which will infect (this time for real) the user’s computer.
This is not the first recent case of phishing in Google ads. Over the past year, there has been an increase in abuse of the search engine’s advertising platform with the aim of spreading malware and executing ransomware attacks. Similar situations have even been reported on the YouTube video platform.
In Genbeta | Beware of this phone scam: this “Microsoft technician” who tells you that your PC is in danger… is the real danger