Amazon Prime Video subscribers will see new types of advertisements this broadcast year. Amazon announced today that it's adding new ad formats to its video streaming service, hoping to encourage people to interact with the ads and shop on Amazon.
In January, Prime Video streams included commercials unless subscribers paid $3 extra per month. That has meant that watching stuff on Prime Video ad-free costs $12 per month or, if you're also a Prime subscriber, $18 per month.
New types of Prime Video ads
Amazon has heightened focus on streaming ads this year. Those who opted for Prime Video with commercials will soon see shoppable carousel ads, interactive pause ads, and interactive brand trivia ads, as Amazon calls them. Amazon said that advertisers could buy these new displays to be shown "across the vast majority of content on Prime Video, wherever it’s streamed." All the new ad formats allow a viewer to place advertised products in their Amazon cart.
This blog post was written based on research carried out by Jérôme Segura.
A campaign using sponsored search results is targeting home users and taking them to tech support scams.
Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. In the case of malicious sponsored ads, scammers tend to outbid the brands in order to be listed as the first search result.
The criminals that buy the ads will go as far as displaying the official brand’s website within the ad snippet, making it hard for an unsuspecting visitor to notice a difference.
Who would, for example, be able to spot that the below ad for CNN is not legitimate. You’ll have to click on the three dots (in front of where we added malicious ad) and look at the advertiser information to see that it’s not the legitimate owner of the brand.
Only then it becomes apparent that the real advertiser is not CNN, but instead a company called Yojoy Network Technology Co., Limited.
Below, you can see another fake advertisement by the same advertiser, this time impersonating Amazon.
In our example, the scammers failed to use the correct CNN or Amazon icons, but in other cases (like another recent discovery by Jerome Segura), scammers have even used the correct icon.
The systems of the people that click one of these links are likely to assessed on what the most profitable follow-up is (using a method called fingerprinting). For systems running Windows, we found visitors are redirected to tech support scam websites such as this one.
Tech Support Scam site telling the visitor to call 1-844-476-5780
You undoubtedly know the type. Endless pop-ups, soundbites, and prompts telling the visitor that they should urgently call the displayed number to free their system of alleged malware.
These tech support scammers will impersonate legitimate software companies (i.e. Microsoft) and charge their victims hundreds or even thousands of dollars for completely bogus malware removal.
Getting help if you have been scammed
Getting scammed is one of the worst feelings to experience. In many ways, you may feel like you have been violated and angry to have let your guard down. Perhaps you are even shocked and scared, and don’t really know what to do now. The following tips will hopefully provide you with some guidance.
If you’ve already let the scammers in
Revoke any remote access the scammer has (if you are unsure, restart your computer). That should cut the remote session and kick them out of your computer.
Scan your computer for malware. The miscreants may have installed password stealers or other Trojans to capture your keystrokes. Use a program such as Malwarebytes to quickly identify and remove threats.
Change all your passwords. (Windows password, email, banking, etc.)
If you’ve already paid
Contact your financial institution/credit card company to reverse the charges and keep an eye out for future unwanted charges.
If you gave them personal information such as date of birth, Social Security Number, full address, name, and maiden name, you may want to look at some form of identity theft protection.
Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support. They can later use the information you provide to block people/companies.
You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although sharing your experience of falling victim to these scams may be embarrassing, educating other people will help someone caught in a similar situation and deter further scam attempts.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection
On the internet, people need to worry about more than just opening suspicious email attachments or entering their sensitive information into harmful websites—they also need to worry about their Google searches.
That’s because last year, as revealed in our 2024 ThreatDown State of Malware report, cybercriminals flocked to a malware delivery method that doesn’t require they know a victim’s email address, login credentials, personal information, or, anything, really.
Instead, cybercriminals just need to fool someone into clicking on a search result that looks remarkably legitimate.
This is the work of “malicious advertising,” or “malvertising,” for short. Malvertising is not malware itself. Instead, it’s a sneaky process of placing malware, viruses, or other cyber infections on a person’s computer, tablet, or smart phone. The malware that eventually slips onto a person’s device comes in many varieties, but cybercriminals tend to favor malware that can steal a person’s login credentials and information. With this newly stolen information, cybercriminals can then pry into sensitive online accounts that belong to the victim.
But before any of that digital theft can occur, cybercriminals must first ensnare a victim, and they do this by abusing the digital ad infrastructure underpinning Google search results.
Think about searching on Google for “running shoes”—you’ll likely see ads for Nike and Adidas. A Google search for “best carry-on luggage” will invariably produce ads for the consumer brands Monos and Away. And a Google search for a brand like Amazon will show, as expected, ads for Amazon.
But cybercriminals know this, and in response, they’ve created ads that look legitimate, but instead direct victims to malicious websites that carry malware. The websites themselves, too, bear a striking resemblance to whatever product or brand they’re imitating, so as to maintain a charade of legitimacy. From these websites, users download what they think is a valid piece of software, instead downloading malware that leaves them open to further attacks.
A malicious ad for the KeePass password manager appears as a legitimate ad.The real KeePass website (left) side-by-side with a malvertising site (right).
It’s true that malvertising is often understood as a risk to businesses, but the copycat websites that are created by cybercriminals can and often do impersonate popular brands for everyday users, too.
As revealed in our 2024 ThreatDown State of Malware report, the five most impersonated brands for malvertising last year included:
Amazon
Rufus
Weebly
NotePad++
TradingView
These five brands may not all carry the same familiarity, but their products and services capture a broad swath of user interest, from Weebly’s website creation products, to TradingView’s investment trading platform, to Rufus’s niche-but-useful portable OS booting tool.
Why the increase in malvertising last year?
If Google ads have been around for more than a decade, why are they only being abused by cybercriminals now? The truth is, malvertising has been around for years, but a particular resurgence was recorded more recently.
In 2022, cybercriminals lost access to one of their favorite methods of delivering malware.
That summer, Microsoft announced that it would finally block “macros” that were embedded into files that were downloaded from the internet. Macros are essentially instructions that users can program so that multiple tasks can be bundled together. The danger, though, is that cybercriminals would pre-program macros within certain files for Microsoft Word, Excel, or PowerPoint, and then send those files as malicious email attachments. Once those attachments were downloaded and opened by users, the embedded macros would trigger a set of instructions directing a person’s computer to install malware from a dangerous website online.
Macros were a scourge for cybersecurity for years, as they were effective and easy to deliver.
But when Microsoft restricted macro capabilities in 2022, cybercriminals needed to find another malware delivery channel. They focused on malvertising.
Today’s malvertising is increasingly sophisticated, as cybercriminals can create and purchase online ads that target specific types of users based on location and demographics. Concerningly, modern malvertising can even avoid basic fraud detection as cybercriminals can create websites that determine whether a user is a real person or simply a bot that is trawling the web to find and flag malicious activity.
How to protect against malvertising
The threat of malvertising is multi-layered: There are the fraudulent ads that cybercriminals place on Google search results, the malicious websites that imitate legitimate brands and companies to convince users to download malware, and the malware infection itself.
As such, any successful defense strategy must be multi-layered.
For safe browsing, people can rely on Malwarebytes Browser Guard, a browser extension that blocks third-party tracking and flags malicious websites known to be in the control of cybercriminals. As we wrote before:
“Malwarebytes Browser Guard provides additional protection to standard ad-blocking features by covering a larger area of the attack chain all the way to domains controlled by attackers. Thanks to its built-in heuristic engine it can also proactively block never-before-seen malicious websites.”
The problem with malvertising, though, is that new malicious websites are created every single day. Cybersecurity defenders, then, are often caught in a game of catch-up.
Here, users can find safety from Malwarebytes Premium, which provides real-time protection to detect and stop any cyberthreats that get installed onto a device, even if those threats are masquerading as legitimate apps or software.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
Login
