Nasty new YouTube scam could land you in hot water

Threat actors are abusing the Google advertising system

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A nasty newmalwarecampaign has been identified, abusingGoogle’s advertising system to lay the foundations for all manner of cyberattacks.

Earlier this week, cybersecurity researchers from Malwarebytes discovered that unknown threat actors had bought an ad that is displayed on top of Google’s search engine results pages whenever someone types the keyword “YouTube”, or other relevant keywords.

The particularly nasty part is that it is impossible to distinguish the fake ad from a legitimate example. It features a genuine link (youtube.com) and comes with all of the usual advertising elements. In other words, even the most careful among us could be forgiven for falling for the scam.

Questionable activity

Questionable activity

The red flags appear only after the link has been clicked. Instead of redirecting the victim to YouTube, the link leads them to a fake Windows Defender site, with a popup saying the computer is infected with a trojan. The pop-up states that the victim should call Windows Defender tech support immediately, or face a “complete malfunction” of their endpoint.

BleepingComputercalled the number provided on the screen, and was connected to an overseas call center where a “support technician” asked them to download and runremote desktop softwareTeamViewer. The publication did not pursue the scam further, as it’s safe to assume that the fraudsters would use access to the computer to install some type ofransomwareor similar device-locking malware.

Microsoft support scams skyrocketed over the past year - here’s what you need to know>Watch out for these devious scams on Amazon Prime Day 2022>These are the best proxy services around

In all likelihood, they would then proceed to demand payment for a “premium service” or something else, in exchange for getting their device back.

While we were unable to independently verify if the campaign is still active, Malwarebytes’ latest tweet would suggest it is.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The easiest way to avoid the scam, it was said, is to have aVPNservice running. The fake site will scan the device for any VPNs, and if it finds one, will redirect the device to the legitimate YouTube site.

ViaBleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics