
Tech support scammers last month targeted eBay customers in the U.S. by way of fraudulent Google ads.
In a few separate searches, Malwarebytes Labs identified multiple sponsored results created from at least four different advertiser accounts.
Malvertising -- a threat that is not on the dark web, but rather on Google Search -- tends to increase with online shopping and ads, and has become one of the hazards of being the top search engine.
Criminals or bad actors do not need to know a victim’s email address, login credentials, or personal information to deliver malware. And it doesn’t matter that the malware could ruin the reputation of consumer brands. All it must do is convince someone to click on an ad -- and sometimes not even that.
The ads can appear as sponsored content. They also can hide in ads that appear on mainstream websites from Lowe's and others.
The cyberattack technique injects malicious code in digital ads.
The United Nations Office on Drugs and Crime published a report in October about how these infected ads are distributed to consumers through legitimate advertising networks.
“Search engine optimization (SEO) poisoning and deceptive advertising are extensively utilized by criminals engaged in cyber-enabled fraud and other criminal activities to achieve these ends, with both proving effective and scalable as global search engine and social media use continues to grow,” the UNODC report states.
The report also identified malvertising among many online vendors across various platforms that explicitly advertise registered third-party Starlink devices to cyber-enabled fraud operators based in remote parts of the Mekong Southeast Asia region.
Malvertising attacks can be complex, the report explains. The attacker begins by breaching a third-party server that allows the cybercriminal to inject malicious code within a display ad or some element such as banner ad copy, creative imagery or video content.
As the report describes the sequence of events, the delivered malware can damage files, redirect internet traffic, monitor the user’s activity, steal sensitive data or set up backdoor access points to the system.
Malware may also be used to delete, block, modify, leak or copy data, which is then sold back to the user for ransom or on various underground marketplaces online.
A search for “ebay phone number” or “ebay customer service” from the U.S. using Google Chrome returned several ads that were entirely fraudulent, according to security firm Malwarebytes. The company found they were created from four separate advertising accounts -- with some belonging to legitimate entities and some created from scratch.
And while Google has seen most of the malvertising in search and its operating system, no brand is safe from the scam.
Malwarebytes has tracked campaigns spoofing Amazon, Walmart, Lowe’s and even its own site.
In early November, Jerome Segura, senior director of research at Malwarebytes, wrote about a wave of phishing for banking credentials that targets consumers via Microsoft’s search engine Bing.
A Bing search query for "Keybank login" returned malicious links on the first page, and sometimes as the top search result.
The growing problem ties artificial intelligence (AI) with malware as scams become more sophisticated. Malvertising instances in the U.S. rose 42% month-over-month in fall 2023, and increased another 41% from July to September of this year, Malwarebytes estimates.
Threats during Black Friday and Cyber Monday could see all-time highs.
Malwarebytes warned of several online threats that could target consumers during the next few months. They include brand impersonation and fakes, credit card skimming, and malvertising.