How do these fake Google ads work? How to protect yourself from it?
Ads can be annoying, but they are the exact reason why Google doesn’t charge you every time you look for something there. Sometimes these can even be useful: if you are looking for a particular product and a Google advertisement serves you the site in question as the first result, you can quickly get to where you want to go. Lately, however, you better avoid those ads that Google places in your way: researchers have discovered fake ads on the platform that, at first glance, look perfectly legitimate.
This practice is called “malvertising”: malicious people inject false advertisements with malware, hoping that users will think that their advertisement is legitimate. You might think everything is normal, down to the site URL, but when you click on it, you end up with a scam and not the site you expected to visit.
Malwarebytes Threat Intelligence first discovered this issue in fake Google ads in a tweet last month. They had run a Google search for the term “YouTube,” a simple query that would normally offer a link to the video service. However, rather than offering a standard link to YouTube at the top of search results, Google displays an advertisement for the site.
At first glance, this advertisement seems quite innocent, especially because the URL is correct (https://www.youtube.com). Why wouldn’t the link take you to YouTube? When you click, however, something happens: an alert from “Windows Defender” claims that the site has been blocked due to suspicious activity, citing a problem with Trojan-type spyware, and advises you to contact the “technical support” to solve the problem.
This alert did not come from “Windows Defender” and this “technical support” is not legitimate. According to BleepingComputer, if you contact this technical support, they ask you to download TeamViewer on your computer to remotely fix the problem for you. Since TeamViewer is software that allows a third party to take control of your computer, it’s a safe bet that the person on the other end is using the software against you, whether it’s to get you away from your machine. and demand a ransom or to steal your personal data.
At the time of this writing, a Google search for YouTube does not bring up this malicious advertisement, or any for that matter. At least that exact issue has been fixed, but that doesn’t mean all those fake ads are gone. With any Google search, it is possible that the ads that appear above the results are dangerous, and users can’t tell without clicking on them.
Your best option is to avoid all Google ads. It’s not really a big challenge. And these are all advertisements that Google will not be able to use to track your interests.
If you need to click on an advertisement, try to notice some signs: if you look at the tweet from Malwarebytes, the results appear under “YouTube – Official Website”. A normal result for YouTube would only show its name. Also, the text under the title looks odd, like it was taken from a YouTube video description. The actual result doesn’t do that, instead offering a quick summary of YouTube as a platform.
Of course, if the hackers manage to create a really convincing ad, the last resort is this: if an ad takes you anywhere other than the site you want to visit, close the window. Do not follow any instructions from any alert, do not install any software. Clicking on the ad itself most certainly won’t do anything to your computer, but it will install malware or allow a third party to access your computer through a program like TeamViewer.
🚨 We detected a major malvertising campaign abusing Google Ads.
➡️ Stay tuned for our full report on this campaign. pic.twitter.com/VzAdtgVR3q
—Malwarebytes Threat Intelligence (@MBThreatIntel) July 20, 2022