A CYBERSECURITY company has issued a warning to Google users over so-called Amazon ‘malvertising’ – where people are lured into downloading malware by fake adverts.

The number of Google adverts masking malware is on the rise again following a cool-down period, according to a new report by Malwarebytes.

“Unfortunately, not all advertisers have good intentions and the worst of them will exploit anything they can to put out ads that are malicious,” Jérôme Segura, director of threat intelligence at Malwarebytes, wrote in a blog post.

“It’s important for users to be aware that criminals can buy ads and successfully bypass security mechanisms all the while impersonating well-known brands.”

Cyber criminals are increasingly leveraging big brands such as Amazon for their malicious activities.

“One particularly devious kind of malvertising is brand impersonation where criminals are buying ads and going as far as displaying the official brand’s website within the ad snippet,” Segura explained.

“We previously reported several incidents to Google and it appeared that those ads using official URLs were no longer getting through.

“However, just recently we noticed a surge in new campaigns again.”

Segura and his team at Malwarebytes trawled Google for a week, and found ads not only claiming to be Amazon’s official website but also displaying the amazon.com URL.

This makes detecting a dodgy link much harder.

The advertisers behind these ‘malverts’ have been verified by Google, according to the report.

The Sun has contacted Google for comment.

“While most of the brand impersonations we have seen recently are pushing tech support scams, this is not the only threat facing consumers,” added Segura.

“For example, we saw an ad that pretended to be Amazon’s login page but instead redirects users to a phishing site, first stealing their password before collecting their credit card number.”

The nature of Amazon’s business model, where advertisers can be legitimate affiliates and associated with the brand, means the name and URL can be exploited more easily.

But hackers can also use a method known as cloaking to evade detection.

Cloaking is when scammers use two types of URLs: the legitimate URL (or decoy) and the money URL (the malicious one). 

This lures even cyber-savvy Google users into clicking a link, even when they’ve checked that the URL looks legitimate.

“One important thing to remember is that these domains are not immediately seen by Google,” Segura continued.

For example, fraudsters use traffic filtering services to detect if a click is from a real user or a bot.

From there, the filter can then decide to forward the bogus click to Amazon’s website and therefore maintain its cover.
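
As an added illustration (not code from Malwarebytes or from this article), the check below shows how a defender can spot the cloaking described above: record where the same ad click lands for a crawler-like client and for a normal browser, then compare both with the domain shown in the ad. The redirect chains and `.example` hosts are constructed sample data, and the two-label `site()` heuristic is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed sample data: redirect chains recorded for the same ad click under
# two client profiles. The .example hosts are placeholders, not real indicators.
ADS = [
    {"display_url": "www.amazon.com",
     "chains": {
         "crawler": ["https://tracker.example/click?id=1", "https://www.amazon.com/"],
         "browser": ["https://tracker.example/click?id=1",
                     "https://support-alert.example/warning"]}},
    {"display_url": "www.amazon.com",
     "chains": {
         "crawler": ["https://www.amazon.com/deals"],
         "browser": ["https://www.amazon.com/deals"]}},
]

def site(url):
    """Reduce a URL or bare host to its last two labels.
    Simplification (assumption): production code should use the Public Suffix List."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def assess(ad):
    """Compare the domain shown in the ad with where each profile actually landed."""
    shown = site(ad["display_url"])
    landings = {p: site(chain[-1]) for p, chain in ad["chains"].items()}
    return {
        "shown": shown,
        "landings": landings,
        # profiles that ended up somewhere other than the advertised brand
        "off_brand": sorted(p for p, d in landings.items() if d != shown),
        # different destinations for the same click suggest traffic filtering
        "cloaking_suspected": len(set(landings.values())) > 1,
    }

if __name__ == "__main__":
    for ad in ADS:
        print(assess(ad))
```
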

While artificial intelligence (AI) can help track down malvertising and squash the scheme, it’s unlikely to fix it completely, according to Segura.

Luckily, numerous malware-infested domains are often registered to one scammer at a time – so if you take down the scammer, a number of malverts disappear with them.

How can I protect myself?

Malvertising is a “complex issue”, said Segura, and “it’s easy for someone nefarious to abuse any given platform.”

But people browsing online can use ad blockers to protect themselves.

Experts at PC Mag recommend these:

  • uBlock Origin
  • Ghostery
  • Adblock Plus

This post first appeared on Thesun.co.uk
