Abuse of Google Ad System
Visitors to the sites are being redirected to fraudulent websites.
Malwarebytes has discovered a malvertising campaign targeting some of the world’s best-known brands – including YouTube, Facebook and Amazon. It exploits a very common search behaviour when it comes to navigating the web: finding a website by name alone, rather than typing the full URL into the address bar. When users do this, they click on one of the first links displayed, and their browsers are flooded with fake warnings. Example: If someone wants to open “YouTube” and types “youtube” into the browser’s address bar instead of the full address “youtube.com”, “www.youtube.com” will appear as the first result. It is therefore likely that this will be clicked on.
The ads are designed in such a way that it is impossible for searchers to distinguish the fake ad from the original. Previous victims relied on the Google search leading to the desired result. Instead, they were redirected to a malicious browser hijacker. Hijacking traffic in this way highlights the problems and abuses associated with the placement of ads versus organic search results.
