July 29, 2022

TAG Today - July 2022



TAG Security Analysts Investigate New Malvertising “Tech Support” Scam Abusing Google’s Ad Network  

Image courtesy of Malwarebytes LabsMalvertising is attracting top cybercriminal talent seeking to exploit a complicated, and often opaque, digital advertising supply chain, which is why TAG’s threat intelligence team is working closely with TAG members to identify, investigate, and share actionable information on such threats.

Hot on the heels of Microsoft’s April disclosure that a sophisticated ZLoader banking trojan campaign evolved a email phishing scam to include malicious search engine ads, there have been new reports of pernicious ad malware that hides behind legitimate-looking URLs for major sites in advertisements appearing in Google search results.

On July 22nd, security researchers at Malwarebytes Labs announced a supply chain exploit abusing Google’s ad network to redirect visitors to an illicit infrastructure of tech support scams. 

Image courtesy of Malwarebytes Labs

Unsuspecting users searching by name for popular sites such as YouTube, Amazon, Walmart, or Facebook received a malware-connected ad appearing to be the legitimate site in their Google search results. Clicking on the ad caused their browser to get hijacked with fake warnings urging them to call scammers impersonating Microsoft agents for support.

TAG threat intelligence analysts called the telephone number shown on screen (with appropriate precautions in place) to evaluate the tactics and tools used by the scammers, and we spoke with a surprisingly competent “support technician” at length. The scammer urged us to install an application named “TeamViewer” on our computer, which, unsurprisingly, would turn over full control to the alleged Microsoft technician. 

What makes this campaign stand out is that it exploits a very common search behavior when it comes to navigating the web. Many users look up a website by name instead of entering its full URL into the address bar. By creating a fake – but entirely realistic – ad that appears to link to the site, scammers have been able to convince unsuspecting users to click through the malware-connected ad. 

Hijacking traffic this way is a clever and profitable scheme that demonstrates the increasing sophistication of scammers in exploiting common user behavior, as well as potential vulnerabilities associated with the placement of ads versus organic search results.

Proactive sharing of threat intelligence helps build industry resilience against evolving threats such as these, which is why TAG has facilitated threat-sharing across the digital ad industry since 2015. Since then, TAG’s suite of threat-sharing capabilities has grown to include curated tools for anti-fraud and anti-piracy threats, as well as industry briefings to facilitate a coordinated response to major malvertising and ad fraud attacks.

The TAG Threat Exchange enables the TAG Community to share real-time intelligence about threats they see, stay abreast of new and emerging threats that could affect their operations, and protect the digital advertising supply chain as a whole. For more information on the TAG Threat Exchange, visit https://www.tagtoday.net/threat-sharing



TAG Team Spotlight: Jamie O'Donnell, Director of Membership and Operations


1) What is your role at TAG?

I’m the Director of Membership & Operations and was the third employee at TAG, back when we were just a fledgling organization, and I wore many different hats. 

Seven years and 750+ member companies later, we have grown and evolved with the industry in the fight against criminal activity, but also in supporting the brand safe practices that make this marketplace run well. Although you can find my fingerprints on most aspects of TAG, I’m focused on engaging with our future and current members to get them participating in the programs and initiatives that align with their objectives.

2) What stands out to you about the work you do or have done at TAG?

For me, it’s about the legacy that we get to build and leave behind. Being a part of a team that has the privilege of breaking ground on some of the industry’s most important and lasting standards, policies and initiatives is what gets me excited about promoting TAG’s programs.

3) What fun fact about you would surprise your TAG friends and colleagues?

I’m a bit of a gearhead and enjoy following Formula1 racing. Verstappen and Ricciardo are my favorite drivers.


From an Interview on Brand Safety with Lauren Davies, Vice President of Global Ad Operations at Vevo, in ExchangeWire:

“We all have a part to play to address concerns around brand safety and ad waste. It’s on us as content owners to know the videos that exist within our library inside and out and to be trustworthy, transparent partners for the brands leveraging our content.

“Industry standards and collaboration make this kind of transparency much easier, as it holds publishers accountable, so it’s incredibly important to have these in place. Organisations, such as TAG and IAB, have several rigorous certifications around brand safety and ad fraud for publishers and media brands, setting up a framework in a way that everybody knows and follows.

“Additionally, these organisations help brands better understand, source, and vet brand safe content owners which are enforcing these standards and offering a best-in-class ad environment.”


From “As Ad Tech Consolidates, Publishers Need To Tread Carefully” by Jayson Dubin, CEO of Playwire, in AdExchanger: 

“Consolidation is happening at record-breaking speed in ad tech. That leaves the industry with a problem. At best, this consolidation is confusing for publishers. At worst, it’s causing them to partner with tools and companies that simply can’t deliver on the promises they are making. … 

"Publishers can protect themselves in the midst of disruption by taking a few easy steps [including]: Check for reputable partners and relevant certifications …

“Are they certified with the Trustworthy Accountability Group (TAG)? Without TAG certification, major brands won’t work with you or your inventory.”


One more thing...

🧑🏻‍💻👨🏼‍💻👩🏽‍💻 - Leverage TAG Research into Your Everyday!

From APAC Fraud Snapshot reports, to UK Brand Safety Consumer reports, to Best Practices whitepapers, TAG's research is here to support our member's day-to-day compliance as well as strategic planning. 

Visit our Data and Insight page 👉 tagtoday.net/insights

📣📣📣 - Let's Make Some Noise Together 🤝

We love it when TAG members highlight our work together to fight digital ad crime and improve transparency. Please send any TAG-related press releases, blogs, or other announcements to Andrew Weinstein at andrewwstn@gmail.com for review before release.


Topics: Blog