Security researchers are raising the alarm against an Amazon ad in Google search results that appears very real in design but is actually created to scam visitors.
The ad redirects them toward the scam that seems like it's from Microsoft Defender, but in reality, it's not. Furthermore, this results in their browsers getting locked. And the news comes to us as we saw new reports shed light on the valid ad that was launched for Amazon across Google Search.
It displays a very real appearing URL for Amazon, similar to the ones that pop up across search results. But clicking this particular ad on Google would redirect the user toward the scam.
Moreover, the ad tells visitors they’ve been infected by a particular malware. And before you know it, the scam enters the full-screen variant and that just makes it super difficult to take a step back from any page, without actually ending the whole process on Google Chrome.
But when Chrome gets terminated, upon a relaunch, you’ll see it generating prompts to regain all the pages that were closed and that goes on to reopen this particular scam again. So as can be seen, it's a vicious cycle.
A demo was also put out regarding this new Amazon-Google advertisement and how it’s a huge scam in the world of tech. Other reports went on to add how something awfully similar was rolled out on the YouTube platform, which even made use of authentic URLs, and that in turn gave rise to a similar scam.
For now, it’s not clear why the search engine giant gives advertisers the chance to copy other firms’ URLs and produce ad scams that are super convincing at first glance.
Meanwhile, another media outlet was seen reaching out to tech giant Google and even Amazon about this kind of threat. But it failed to get the right type of assurance from the companies about what they were doing to combat it.
In the past year, so many Google ads were abused by a growing figure of threat actors whose role was primarily to pass on malware and that led to a growing figure of ransomware incidents.
Such threat actors ended up producing a replica of real web pages and then switching download links to showcase trojanized material that functions by installing malware.
Moreover, such ransomware operations end up producing Google ads that market all sorts of malicious pages that install beacons like Cobalt Strike. These give access to a wide array of corporate-themed networks that carry out some attacks.
H/T: BleepingComputer
Read next: Cybersecurity Shortcomings: Popular Websites Leave Digital Doors Ajar
The ad redirects them toward the scam that seems like it's from Microsoft Defender, but in reality, it's not. Furthermore, this results in their browsers getting locked. And the news comes to us as we saw new reports shed light on the valid ad that was launched for Amazon across Google Search.
It displays a very real appearing URL for Amazon, similar to the ones that pop up across search results. But clicking this particular ad on Google would redirect the user toward the scam.
Moreover, the ad tells visitors they’ve been infected by a particular malware. And before you know it, the scam enters the full-screen variant and that just makes it super difficult to take a step back from any page, without actually ending the whole process on Google Chrome.
But when Chrome gets terminated, upon a relaunch, you’ll see it generating prompts to regain all the pages that were closed and that goes on to reopen this particular scam again. So as can be seen, it's a vicious cycle.
A demo was also put out regarding this new Amazon-Google advertisement and how it’s a huge scam in the world of tech. Other reports went on to add how something awfully similar was rolled out on the YouTube platform, which even made use of authentic URLs, and that in turn gave rise to a similar scam.
For now, it’s not clear why the search engine giant gives advertisers the chance to copy other firms’ URLs and produce ad scams that are super convincing at first glance.
Meanwhile, another media outlet was seen reaching out to tech giant Google and even Amazon about this kind of threat. But it failed to get the right type of assurance from the companies about what they were doing to combat it.
In the past year, so many Google ads were abused by a growing figure of threat actors whose role was primarily to pass on malware and that led to a growing figure of ransomware incidents.
Such threat actors ended up producing a replica of real web pages and then switching download links to showcase trojanized material that functions by installing malware.
Moreover, such ransomware operations end up producing Google ads that market all sorts of malicious pages that install beacons like Cobalt Strike. These give access to a wide array of corporate-themed networks that carry out some attacks.
H/T: BleepingComputer
Read next: Cybersecurity Shortcomings: Popular Websites Leave Digital Doors Ajar
