Watch Tech Support Scam Take Over a Browser via Facebook Ads

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this

Facebook users in France are subject to a wave of malicious ads, which if clicked, will redirect them to a website hosting a tech support scam.

The campaign was first reported on the Malekal forum by French users. At the moment, the malvertising attack seems to be aimed at French-speaking users only, with all the malicious ads appearing to advertise French sites, but silently redirecting potential visitors to web pages that scare users with ominous warnings.

Below are two of the ads that appear to redirect users to pages showing tech support scams.

Malicious Facebook ad

Malicious Facebook ad (via Malekal)

The ads observed redirecting users to tech support pages are for the following domains:

hxxp://actu.com-vnv.com/1
hxxp://actu-europe.com/camp1/
hxxp://actulist.com/adv1/
hxxtp://hebdo-actu.com/ad-s1/
hxxp://twimflp.com/ads-03/
hxxp://25608498.com/
hxxp://com-uknewsnow.com/

Clicking on any of those ads redirects users to the website pictured below, located at “hxxp://scansecure21.online/virus-alerte/”

By altering the link path, we couldn’t find a homolog localized URL for English, German, or other users. Nevertheless, scammers manage large server and domain portfolios, and if there’s a similar malvertising campaign targeting users of other countries, the crooks might simply be redirecting those visitors to another URL.

Tech support scam page

Tech support page where users are redirected

Users told they’ve been infected with the Zeus Virus

For the French version of this tech support scam, crooks attempt to trick victims into calling a phone number for tech support services by telling users they’ve been infected with the “Zeus Virus.” Zeus is the name of an older banking trojan, whose source code was leaked many years ago and has been used as the base for many of today banking trojans.

If users dismiss the popup telling them they’re infected with the virus, the underlying page tells them their system has encountered errors.

French security researcher Malekal Morte, who first investigated this campaign, has also recorded a YouTube video showing how quickly the malicious ads take a user from Facebook to the tech support scam page.

Source:https://www.bleepingcomputer.com

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this