New Malware Discovered can turn a Simple Google Search into Possible Ransomware


A new malware campaign has been discovered that abuses Google’s advertising system to lay the foundation for all types of cyberattacks.

Researchers at Malwarebytes have discovered that unknown threat actors purchased an ad that was displayed at the top of Google’s search engine results pages when users searched for the keyword “YouTube”. The ad was also displayed for searches using similar and other relevant keywords.

The scary part of this newly discovered malware is that it is impossible to distinguish the infected ad from the legitimate one. The ad features a genuine link (youtube.com), and comes with all of the usual advertising elements. Even the most aware and careful users could fall for this scam.

Red flags only begin to appear once the link has been clicked. Rather than being taken to YouTube, the victim is redirected to a fake Windows Defender website that displays a popup notifying the user that their computer has been infected with a Trojan. The page tries to intimidate the victim by stating that they should call Windows Defender tech support immediately, or face “complete malfunction” of their endpoint.

BleepingComputer said that they called the phone number from the popup, and it routes to an overseas call center where a “support technician” asked them to download and run the remote desktop software TeamViewer. At this point, the publication did not pursue the scam further; however, it can be assumed that the threat actors would use access to the infected system to install a form of ransomware or similar device-locking software.

It’s very likely that the attackers would demand payment for a “premium service” or something else, in exchange for the victim getting their device back.

The easiest way to avoid this particular scam is to have a VPN service running. The fake Windows Defender site is said to scan the targeted device for VPNs and, if it detects one, to redirect the user to the legitimate YouTube site.

 

Story via TechRadar
