Tech support scammers last month targeted eBay customers in the U.S. by way of fraudulent Google ads.
In a few separate searches, Malwarebytes Labs identified multiple sponsored results created from at least four different advertiser accounts.
Malvertising -- a threat that is not on the dark web, but rather on Google Search -- tends to increase with online shopping and ads, and has become one of the hazards of being the top search engine.
Criminals or bad actors do not need to know a victim’s email address, login credentials, or personal information to deliver malware. And it doesn’t matter that the malware could ruin the reputation of consumer brands. All it must do is convince someone to click on an ad -- and sometimes not even that.
advertisement
advertisement
The ads can appear as sponsored content. They also can hide in ads that appear on mainstream websites from Lowe's and others.
The cyberattack technique injects malicious code in digital ads.
The United Nations Office on Drugs and Crime published a report in October about how these infected ads are distributed to consumers through legitimate advertising networks.
“Search engine optimization (SEO) poisoning and deceptive advertising are extensively utilized by criminals engaged in cyber-enabled fraud and other criminal activities to achieve these ends, with both proving effective and scalable as global search engine and social media use continues to grow,” describes the UNOD.
The report also identified malvertising in many online vendors across various platforms that are explicitly advertising registered third-party Starlink devices to cyber-enabled fraud operators based in remote parts of the Mekong Southeast Asia region.
Malvertising attacks can be complex, the report explains. The attacker begins by breaching a third-party server that allows the cybercriminal to inject malicious code within a display ad or some element such as banner ad copy, creative imagery or video content.
The report describes the sequence of events as the malware delivered can damage files, redirect internet traffic, monitor the user’s activity, steal sensitive data or set up backdoor access points to the system.
Malware may also be used to delete, block, modify, leak or copy data, and sold back to the user for ransom or on various underground marketplaces online
A search for “ebay phone number” or “ebay customer service” from the U.S. using Google Chrome returned several ads that were entirely fraudulent, according to security firm Malwarebytes. The company found they were created from four separate advertising accounts -- with some belonging to legitimate entities and some created from scratch.
And while Google has seen most of the malvertising in search and its operating system, no brand is safe from the scam.
Malwarebytes has tracked campaigns spoofs across Amazon, Walmart, Lowe’s and even its own site.
In early November, Jerome Segura, senior director of research at Malwarebytes, wrote about a wave of phishing for banking credentials that targets consumers via Microsoft’s search engine Bing.
A Bing search query for "Keybank login" returned malicious links on the first page, and sometimes as the top search result.
The growing problem ties artificial intelligence (AI) with malware as scams become more sophisticated. Malvertising instances in the U.S. rose 42% month-over-month in fall 2023, and increased another 41% from July to September of this year, Malwarebytes estimates.
Threats during Black Friday and Cyber Monday could see all-time highs.
Malwarebytes warned of several online threats that could target consumers during the next few months. They include brand impersonation and fakes, credit card skimming, and malvertising.