A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
Today, BleepingComputer was alerted to what appeared to be a valid advertisement for Amazon in the Google search results.
The advertisement shows Amazon's legitimate URL, just like in the company's typical search result, as shown below.
However, clicking on the Google ad will redirect the person to a tech support scam pretending to be an alert from Microsoft Defender stating that you are infected with the advertisements(exe).finacetrack(2).dll malware.
These tech support scams will automatically go into full-screen mode, making it hard to get out of the page without terminating the Google Chrome process.
However, when Chrome is terminated in this manner, on relaunch it will prompt users to restore the previously closed pages, reopening the tech support scam.
A demonstration of today's fake Amazon Google ad leading to the tech support scam site can be seen below.
In June 2022, Malwarebytes discovered a legitimate-looking YouTube ad that also used the platform's URL, leading to the same tech support scam.
It is unclear why Google allows advertisers to impersonate other companies' URLs to create these convincing advertisement scams.
Google ads abused to distribute malware
BleepingComputer reached out to both Google and Amazon regarding this malvertising but has not received a response at the time of this publication.
Google ads have been heavily abused over the past year by other threat actors to distribute malware, which generally leads to ransomware attacks.
The threat actors would create replicas of legitimate sites but swap the download links to distribute trojanized programs that install malware.
The Royal ransomware operation also creates Google ads promoting malicious sites that install Cobalt Strike beacons. These beacons are used to provide initial access to corporate networks to conduct ransomware attacks.