Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google.
In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Here’s how it works: Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Uber security breach ‘looks bad’, potentially compromising all systems
September 15, 2022
Uber reportedly has suffered another massive security incident, which is likely more extensive than its 2016 data breach and potentially may have compromised its entire network. It also can result in access logs being deleted or altered. A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services ...
- Hive ransomware claims cyberattack on Bell Canada subsidiary
September 15, 2022
The Hive ransomware gang claimed responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS). BTS is an independent subsidiary with more than 4,500 employees, specializing in installing Bell services for residential and small business customers across the Ontario and Québec provinces. While the Canadian telecommunications company didn’t reveal when its ...
- Self-spreading stealer attacks gamers via YouTube
September 15, 2022
An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords ...
- CISA: Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
September 14, 2022
This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), U.S. Cyber Command (USCC) – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian ...
- A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
September 14, 2022
Trend Micro researchers have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems. One of the older vulnerabilities that is still being actively exploited by malicious ...
- Ransomware gang threatens 1m-plus medical record leak
September 14, 2022
Two recent ransomware attacks against healthcare systems indicate cybercriminals continue to put medical clinics and hospitals firmly in their crosshairs. Daixin Team has taken credit for a September 1 assault on Texas-based OakBend Medical Center, causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. The criminals claim to have stolen ...