Ads might be annoying, but they’re the reason Google doesn’t charge you every time you search for something. Occasionally, they’re even helpful: If you search for a particular product, and a Google ad serves you up its website as a first result, you’re quickly where you need to be. Lately, however, you might be better off skipping any ads Google throws your way: Researchers have spotted fake ads on the platform that, at first glance, look just like the real thing.
It’s called “malvertising” (a great name for a terrible issue): Bad actors inject fake advertisements with malware, hoping users will believe the ad is legitimate. You might think everything about the ad is legit, down to the website URL, but when you click on it, you come face-to-face with a scam, not the site you’re expecting to visit.
Malwarebytes Threat Intelligence first highlighted this issue with fake Google ads in a tweet last month. They started a Google search for “YouTube,” a simple request that should offer a straightforward path to the video service (since Google owns it, after all). However, rather than deliver a standard YouTube link at the top of the search results, Google serves up an ad for the site.
At first glance, this ad appears to be legitimate, especially since the URL is correct (https://www.youtube.com). Why wouldn’t the link take you to YouTube? When clicked, however, something goes terribly wrong: An alert from “Windows Defender” claims the website was blocked “due to questionable activity,” cites a Trojan Spyware issue, and tells you to contact tech support for the solution.
It might not come as a surprise to learn that this alert isn’t Windows Defender, and that “tech support” isn’t legitimate: According to BleepingComputer, if you reach out to “tech support,” they instruct you to download TeamViewer to your computer, in order to remotely fix the issue for you. Since TeamViewer allows another user to fully control your computer, it’s likely the malicious users would use the software against you, either to lock you out of your computer and demand ransom, or to steal information from you.
🚨 We detected a major malvertising campaign abusing Google Ads.
➡️ Stay tuned for our full report on this campaign. pic.twitter.com/VzAdtgVR3q
— Malwarebytes Threat Intelligence (@MBThreatIntel) July 20, 2022
At this time, a Google search for YouTube doesn’t pull up this malicious ad, or any ad at all, so at least this particular situation is fixed. But that doesn’t mean all other malvertisements have been squashed. With any Google search, there is a chance the ads that appear above typical results could be malicious, without many ways for the user to know until clicking on them.
How to stay safe from fake Google ads
Your best bet, then, is to avoid Google ads altogether. That really isn’t a tall order — often, the official search results that appear below the ads are all you need to complete your query. It’s also one less ad Google can use to track your interests.
If you do need to click on an ad, there are subtle signs to look out for: If you look at Malwarebytes’ tweet, the results come in as “YouTube – Official Website.” A legitimate result for YouTube only shows its name. In addition, the text below the title looks a bit off, as if it’s pulling from the description of a YouTube video. The real result doesn’t do that; rather, it offers a quick summary of YouTube as a platform.
Of course, if the hackers are sly and create a truly convincing ad, the last resort is this: If an ad takes you somewhere other than the site you intend to visit, close out of the window. Don’t follow any “alert’s” instructions, don’t install any software, just GTFO. Clicking the ad itself likely won’t hurt your computer, but installing malicious software or allowing hackers to remotely access your computer through a program like TeamViewer will.