"Windows Support Scam Targets Users in a Google Ads Malvertising Campaign"
Malwarebytes discovered a malvertising campaign that uses Google Ads to redirect users to Windows support scam sites. After searching specific popular keywords, the attackers display fake Windows Defender alerts requesting visitors to contact Microsoft support agents. Malwarebytes described the campaign as "spectacular" because it takes advantage of a common browsing behavior in which users search for a website by name rather than typing the URL into the browser's address bar. When someone wants to watch YouTube videos, they search "youtube" rather than typing "youtube.com" into the browser's address bar. Threat actors exploit this behavior by displaying realistic ads that match users' expectations while redirecting them to malicious websites. Threat actors redirect users to different content based on their UserAgent and IP address. They check the validity of the browser string and IP address to determine the target's legitimacy and to avoid web crawlers, bots, and Virtual Private Networks (VPN) users. Scammers can use this strategy to submit legitimate content for review while serving different content to actual users. This is a violation of the "Google Webmaster Guidelines," according to Google. If the scammers determine that the visitor is real, they redirect them to pages containing tech support scams. Otherwise, they are redirected to the appropriate content. They redirect their targets several times before they arrive at the fraudulent support page. According to Malwarebytes, the Windows support scam malvertising campaign has affected many Internet users based on its assessment of the use of popular keywords and typos. The Windows support scam malvertising campaign targets popular websites, including Amazon, Facebook, Walmart, and YouTube, which are visited by millions of people every day. With an estimated 5.6 billion Google searches per day, the Google Ads Windows support scam malvertising campaign has likely maxed out. This article continues to discuss findings surrounding the Google Ads malvertising campaign.
CPO Magazine reports "Windows Support Scam Targets Users in a Google Ads Malvertising Campaign"