Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google.
In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Here’s how it works: Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- AstraLocker ransomware shuts down and releases decryptors
July 4, 2022
The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files ...
- British Army Twitter and YouTube feeds hijacked by crypto-promos
July 4, 2022
The British Army has apologizsed after its Twitter and YouTube accounts were compromised by entities that used them to promote NFTs. As recorded by The Wayback Machine, the @BritishArmy Twitter feed hosted content promoting non-fungible tokens described thusly: “The Anomalies is a collection of special Possessed 1/1s”. According to Web3-watcher Web3 is going just great – the ...
- Crypto sleuths pin $100 million Harmony theft on Lazarus Group
July 1, 2022
Investigators at a blockchain analysis outfit have linked the theft of $100 million in crypto assets last week to the notorious North Korean-based cybercrime group Lazarus. The company said it had tracked the movement of some of the stolen cryptocurrency to a so-called mixer used to launder such ill-gotten funds. Blockchain startup Harmony announced June 23 ...
- #StopRansomware: MedusaLocker
June 30, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. ...
- Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit
June 30, 2022
Since it became operational in April, Black Basta has garnered notoriety for its recent attacks on 50 organizations around the world and its use of double extortion, a modern ransomware tactic in which attackers encrypt confidential data and threaten to leak it if their demands are not met. The emerging ransomware group has continued to ...
- Toll fraud malware: How an Android application can drain your wallet
June 30, 2022
Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve. Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique ...