A convincing Amazon ad appearing in Google search results misleads visitors, redirecting them to a tech support hoax that poses as Microsoft Defender and then freezes their browser.
BleepingComputer received information about this seemingly authentic Amazon advertisement present in Google’s search results. The ad exhibited Amazon’s authentic URL, mirroring the usual appearance of the company’s standard search result.
However, a user who clicks on this deceptive Google advertisement is rerouted to a tech support hoax that presents itself as an alert from Microsoft Defender. The alert falsely claims the user’s system has been compromised by the ads(exe).finacetrack(2).dll malware.
These tech support hoax pages often switch to full-screen mode, making it difficult to exit the page without ending the Google Chrome process. Worse, if Chrome is shut down this way and subsequently restarted, it offers to reopen the closed pages, which leads back to the same deceptive tech support alert.
BleepingComputer provides a visual demonstration of this misleading Amazon Google advertisement which funnels users to the deceptive tech support website.
In June 2022, Malwarebytes found a similarly genuine-looking YouTube advertisement. That ad also misused the platform’s URL to direct unsuspecting users to the same kind of tech support hoax.
The reasoning behind Google permitting advertisers to mimic URLs of other reputable businesses for such deceptive advertisements remains unclear.
Misuse of Google Ads for Malware Distribution
Both Google and Amazon were approached by BleepingComputer for comments on this deceptive advertising trend. However, as of the time of reporting, neither company has offered a statement.
Recently, certain malicious actors have been exploiting Google ads to spread malware, sometimes leading to ransomware attacks.
These actors build replicas of genuine sites but modify the download links to distribute malware-laden programs. There is also an operation that creates Google ads misleadingly promoting sites that deploy Cobalt Strike beacons. These beacons are used to gain initial access to corporate infrastructure, paving the way for potential ransomware attacks.