Google Ads exploited by hackers to deploy Windows Support scams

August 3, 2022

Google Ads that appear legitimate and trustworthy have been redirecting users to tech support scam websites. According to reports, these scams display fake security alerts that impersonate a Windows Defender function.

An ongoing, large-scale malvertising campaign exploits Google Ads. If users search for YouTube-related keywords on Google, the first result is an advertisement titled “YouTube.com – YouTube – Best of YouTube videos for You” or “YouTube – Best of YouTube Videos.”

At first glance, a user will not spot anything suspicious, since the ad shows the correct URL for YouTube, youtube[.]com. Moreover, additional advertisement elements appear under the ad, which makes it more convincing.

Unfortunately, the YouTube URL is phoney, and the ad redirects the user to the tech support scam.

 

The Google Ads scam starts once a visitor accesses the site.

 

If an unaware user clicks the malicious advertisement in Google Ads, the scam website checks whether the user is on a VPN connection. A user on a VPN connection is sent to the authentic YouTube website.

However, if the user is not on a VPN connection, the scam redirects them to its tech support scam webpage. The scam webpage then warns visitors that a hacker has blocked their Windows due to allegedly suspicious activity, and that Windows Defender identified spyware called ‘Ads[.]financetrack(2)[.]dll.’

Furthermore, the scam page gives a contact number that supposedly connects the user to the technical support team they need.

If the target calls the number provided by the website, they will be connected to a call centre overseas. The supposed tech support agent on the call will urge the target to download and install TeamViewer on their system.

However, the scammers will then lock the user’s computer, tell them that it is severely compromised, and claim that it needs a support license, which the affected individual can purchase on the scammers’ website.

This latest malvertising campaign shows that threat actors can design genuine-looking ads for well-known services like YouTube. Furthermore, adversaries can just as easily use such advertisements to distribute malware.

Experts suggest that users rely on dedicated anti-malware solutions to block these scams.
