Billions of Google users warned of Amazon 'malvertising' that sneakily empties your bank account | The Sun
A CYBERSECURITY company has issued a warning to Google users over so-called Amazon 'malvertising' – where people are lured into downloading malware by fake adverts.
The number of Google adverts masking malware is on the rise again following a cool-down period, according to a new report by Malwarebytes.
"Unfortunately, not all advertisers have good intentions and the worst of them will exploit anything they can to put out ads that are malicious," Jérôme Segura, director of threat intelligence at Malwarebytes, wrote in a blog post.
"It's important for users to be aware that criminals can buy ads and successfully bypass security mechanisms all the while impersonating well-known brands."
Cyber criminals are increasingly leveraging big brands such as Amazon for their malicious activities.
"One particularly devious kind of malvertising is brand impersonation where criminals are buying ads and going as far as displaying the official brand's website within the ad snippet," Segura explained.
READ MORE ON GOOGLE
Google warns all Android users to delete app if they see red flag pop-up
People are just realising hidden feature that will change how Google looks
"We previously reported several incidents to Google and it appeared that those ads using official URLs were no longer getting through.
"However, just recently we noticed a surge in new campaigns again."
Segura and his team at Malwarebytes trawled Google for a week, and found ads not only claiming to be Amazon's official website but also displaying the amazon.com URL.
This makes detecting a dodgy link much harder.
Most read in Tech
Netflix fans think they've found a cheeky way around new account sharing ban
People are just realising their Wi-Fi is made WORSE by 'hidden signal killer'
Your Sky TV box is in the WRONG place – three mistakes that are slowing it down
The secret WhatsApp menu that instantly upgrades your app
The advertisers behind these 'malverts' have been verified by Google, according to the report.
The Sun has contacted Google for comment.
"While most of the brand impersonations we have seen recently are pushing tech support scams, this is not the only threat facing consumers," added Segura.
"For example, we saw an ad that pretended to be Amazon's login page but instead redirects users to a phishing site, first stealing their password before collecting their credit card number."
The nature of Amazon's business model, where advertisers can be legitimate affiliates and associated with the brand, means the name and URL can be exploited more easily.
But hackers can also use a method known as cloaking to evade detection.
Cloaking is when scammers use two types of URLs: the legitimate URL (or decoy) and the money URL (the malicious one).
This lures cyber savvy Google browsers into clicking a link, even when they've checked that the URL looks legitimate.
"One important thing to remember is that these domains are not immediately seen by Google," Segura continued.
For example, fraudsters use traffic filtering services to detect if a click is from a real user or a bot.
From there, the filter can then decide to forward the bogus click to Amazon's website and therefore maintain its cover.
While artificial intelligence (AI) can help track down malvertising and squash the scheme, it's unlikely to fix it completely, according to Segura.
Luckily, numerous malware-infested domains are often registered to one scammer at a time – so if you take down the scammer, a number of malverts disappear with them.
How can I protect myself?
Malvertising is a "complex issue", said Segura, and "it's easy for someone nefarious to abuse any given platform."
But online browsers can use ad blockers to protect themselves.
Read More on The Sun
Towie rocked by show’s ‘worst ever feud’ that’s left cast more divided than ever
The UK beach that’s been compared to the Maldives with white sand & blue waters
Experts at PC Mag recommend these:
- uBlock Origin
- Ghostery
- Adblock Plus
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
- How to delete your Instagram account
- What does pending mean on Snapchat?
- How to check if you've been blocked on WhatsApp
- How to drop a pin on Google Maps
- How can I change my Facebook password?
- How to go live on TikTok
- How to clear the cache on an iPhone
- What is NFT art?
- What is OnlyFans?
- What does Meta mean?
Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.
Source: Read Full Article