New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Top Google Search Result for Home Depot is a Malicious Ad

Bleeping Computer has received reports recently about a malicious Home Depot ad on Google search results sending users to tech support scams. While scams are common, this is slightly more dangerous as it is the top result when searching for Home Depot. At first glance it’s nearly impossible to tell that the ad is a fraud. Moving the cursor over top of the link even shows the legitimate Home Depot domain. Not every click will show the scam page but eventually users are led to a Windows Defender tech support scam website that opens the print dialog box and makes it hard for users to close the page. Furthermore, the link only redirects to the same IP address once in a 24-hour period and any other clicks after that will take users to Home Depot’s real landing page. If the victim allows remote access to tech support scammers, it can even lead to a takeover of a victim’s device.

Analyst Notes

Spotting fake ads can be somewhat difficult when they appear as the top result when searching for a product or service. Users should simply be more cautious when looking at Google search results and make sure they’re clicking on the real search page result and that the web site they lead to is the site they expected to visit. Some anti-virus and web security programs are capable of blocking access to known malicious websites, but when threat actors register new domain names and set up new servers to host malicious content, there’s always a delay between when the new infrastructure appears and when security systems begin to recognize the new site as malicious. It’s important to monitor events from employee workstations and alert on potentially malicious behavior to start an investigation.