A New YouTube Scam – Taking Malvertising to a Whole New Level

Using Google ads is practically the most efficient way to, well, advertise anything. Yes, emphasis on “anything” as even cybercriminals are using this feature to spread malware. Google has been having a hard time lately. First, Google Play Store hosted infected apps. Now, its Google Ads feature is being used to spread a “major” Youtube malvertising campaign.

Youtube Malvertising Scam

When users see a Youtube ad at the top of the search results, they’ll never suspect that it’s going to be some malicious entity waiting for their click.

Well, that’s the plan. Threat actors are using this feature to redirect their victims to tech support scams that disguise themselves as “security alerts” from Windows Defender. What happens next? What are the attackers after? We’ll discuss this in the following article.

Youtube Malvertising – Some Good Old Binge-Hacking

Google Ads can pop up whenever you insert a word in Google’s search engine. Regardless of the topic, users might end up seeing an ad for it.

The feature is pretty popular, and to HubSpot’s Annual State of Marketing Report, as of June 2022, more than 63% of people have clicked on a Google ad.

This shows how effective this malvertising campaign is. It’s a simple trick that requires some technical background. The attackers have created Youtube ads that show up whenever “YouTube” related keywords are submitted.

The malvertisement will be topping the search results. Users will see an ad that is titled: “YouTube – Best of YouTube Videos’ or ‘YouTube.com – YouTube – Best of YouTube videos for You.”

Youtube Fake Ad

Technically and obviously, this is not real. In fact, users should get their first warning sign the moment they’re redirected to the next page.

Clicking on the advertisement will not take the victims to YouTube. Instead, they’ll reach a tech support scam where the attackers disguise themselves as Windows Defender support.

Windows Defender Scam
Source: Malwarebytes

The next step resembles several attacks that require the user to call the attackers directly. The number belongs to an overseas call center and the operator will ask the victims to download TeamViewer.

We all know what TeamViewer allows the other end to do – take control of the target’s computer to “fix” the error. Once they do that, they’ll somehow lock the device, lie about some sort of infection, and prompt the victims to purchase a support license.

When we say that a VPN can protect you from such attacks, take our word for it. Apparently, the attackers are not well prepared for such security technology.

If you operate with a VPN, the malvertisement will show up at the top of your search results. However, if you click on it, the site will check if you are using a VPN. As a result, it’ll direct you to a legitimate YouTube site.

Youtube Malvertising – A License to Hack

Such threats are becoming more dangerous than ever as hackers have shown the ability to create ads that impersonate companies to distribute malware and other malicious practices.

To further secure yourself from such a campaign, you can easily head over to Youtube’s website without having to click on an ad.

And as we mentioned above, a VPN would certainly work in your favor as the malvertising page will not load if you’re operating with one.

Add a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

as-seen-on