Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google.
In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Here’s how it works: Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hacking the Crypto-Monetized Web
June 30, 2022
The web is several decades old. But it largely still relies on the same method of monetization as it always has: advertising. However, things are changing thanks to the power of cryptocurrency and blockchain. It’s what Trend Micro has coined the “crypto-monetized web” (CMW). But where there’s money to be made and users to be ...
- Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem
June 28, 2022
Bumblebee, a recently developed malware loader, has quickly become a key component in a wide range of cyber-crime attacks and appears to have replaced a number of older loaders, which suggests that it is the work of established actors and that the transition to Bumblebee was pre-planned. By analysis of three other tools used in recent ...
- Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
June 28, 2022
Trend Micro Research recently analyzed several cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. After investigating the chain of events, they found that many of these attacks resulted in data being exfiltrated from the infected systems. However, the researchers also found that some of the victims were infected ...
- De-anonymizing ransomware domains on the dark web
June 28, 2022
Ransomware operators typically constrain their activities to the dark web to conceal their illegal activities. Their public leak sites and victim communication portals are accessible only on The Onion Router (TOR) network via a specific URL that is only available via direct disclosure. This limits access to fellow operators, victims and security researchers who track ...
- Raccoon Stealer is back with a new version to steal your passwords
June 28, 2022
The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity. The Raccoon Stealer operation shut down in March 2022 when its operators announced that one of the lead developers was killed during Russia’s invasion of Ukraine. The remaining team promised to return with ...
- AMD targeted by RansomHouse, cybercrims claim to have ‘450Gb’ in stolen data
June 28, 2022
If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year. RansomHouse says it obtained the files from an intrusion into AMD’s network on January 5, 2022, and that this isn’t ...