The idea behind this method of scam makes sense. After all, whenever you type in, for example, YouTube in a browser search bar, Google will more often than not put an ad for the YouTube home page at the very top of the search results. The actual link to the same page will appear immediately below, and clicking both brings you to the same page anyway. That is of course assuming that you’ve clicked on a genuine “ad”. Click on a fake one, and chances are you’ll get redirected to a fake tech support page pretending to be a security alert from Windows Defender. This even comes with a number for you to call to get “help” from.

➡️ Stay tuned for our full report on this campaign. pic.twitter.com/VzAdtgVR3q — Malwarebytes Threat Intelligence (@MBThreatIntel) July 20, 2022 BleepingComputer went along with the scam attempt for a bit, and reports that the “support technician” prompted the download and installation of TeamViewer, a remote access and remote control software. From there, it’s more than likely that the cybercriminals will install some form of malware in the guise of “fixing” the issue. Despite only being recently reported, Malwarebytes estimates that this malvertising campaign is actually a few weeks old. And while no numbers are available as to the number of victims, they’re likely to be pretty high. After all, this method not only makes use of Google ads which often come before actual search results, but also utilises popular search terms, two of which have global reach. (Source: Malwarebytes [1], [2], BleepingComputer via TechRadar)