There have been many instances where a victim clicks on genuine looking ads and falls prey to attackers. Let's take a look at some common scenarios
Ads on google search - When you search on google for any website, you will be able to see sections which are sponsored pages or ads for websites.
Ads on mobile apps - When you are using mobile apps like gaming apps, shopping apps etc., you might see multiple ads popping up.
Ads on website - When you are browsing online, you would have come across many websites where ads keep appearing.
Such ads can load ads on the application page or redirect you to another websites. While some of these are purely for advertisement purpose, there are many cases with malicious intent or for spamming. Hackers could use ads to lure victim into downloading malwares like adware, spyware, remote access trojans.
One such example is a campaign was observed where hackers used Google Ads to spread FatalRAT malware disguised as Popular apps. The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today. The ads have since been taken down. Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office.
malicious ad on google [1]
The attacker purchases a domain with name very similar to genuine website, for e.g, amazonn[.]com could be easy to be mistaken as "amazon[.]com". Once domain is purchased, hacker will purchase ad slots on google search or any other web/mobile app to move their ads on top of other searches. If a victim falls for the ad with a click or tap, they will be redirected to that malicious domain. The most important aspect of the attacks is the creation of lookalike websites as well.
sample phishing site
Recommendation
In order to protect yourself from such attacks, it's important to beware of what ads you are clicking on, whether it's point to a genuine website or not. If it's a sponsored ad, look for the exact website URLs. If it's asking you download a file, it's definitely suspicious and you should avoid visiting that website.
References
Comments