Researchers regularly see malicious ads in search results that are presented as coming from legitimate companies and organizations. Whether it’s a regional municipality, a utility like an electric company, or a large company, people will use search engines simply to get the URL of an organization. And if the first results or the most convenient results to click are ads, scammers have the opportunity to buy this property.
“The volume of this stuff is huge,” says Sean Gallagher, senior threat researcher at Sophos. “Search engines like Google will say they check the content of ads to make sure they are safe, but the problem is that attackers use ad delivery networks and can redirect the URL after you pay for the ad.”
Google is clearly aware that malicious advertising activity is growing and evolving. The company specifically addresses misleading and fraudulent advertising activity in its policiesincluding a “misrepresentation policy”, and says that numerous approaches are needed to examine ads and detect malvertising. However, attackers have continued to develop circumvention methods to prevent their ads from being flagged or removed. In 2023Google blocked or removed around 5.5 billion ads and suspended more than 12.7 million advertiser accounts.
The company has also taken steps over the years to label ads clearly and delimit them in the design of search results. Still, any search engine that is supported by ads ultimately has the two types of content side by side, especially on mobile devices where users have limited screen real estate.
“We expressly prohibit ads that attempt to circumvent our app by disguising the advertiser’s identity to trick users and distribute malware,” the Google spokesperson said.
Nate Funkhouser told WIRED in a statement. “When we identify an ad that violates this policy, we remove it and suspend the associated advertiser’s account as quickly as possible.”
Sophos’ Gallagher notes that criminals can often get the most bang for their buck by purchasing ads for more exclusive searches, where they can dominate the ad space and rise to the top of results more organically. But Sophos and Malwarebytes researchers also regularly see malicious ads running on popular searches such as those from Google, Walmart, Disney+, Slack, Lowe’s, and Apple. Segura even says that Malwarebytes has to invest heavily in purchasing search engine ads just to keep malicious advertising at bay for the company’s brand.
“We have to defend our brand a lot,” he says. “People take advantage of that.”