Malicious ads displayed in Google search results for Target — the US retailer — redirected users to a tech support scam.

The malvertising campaign was spotted on Friday by a US user who posted his observations to a StackExchange thread.

The rogue ad appeared when users searched for the term "target," right at the top of all search results, in the most sought after position of all of Google's ad units.

The malicious ad used a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link. For example, in the rogue ad, the displayed link was "target.com," but users were redirected to "tech-supportcenter.us." Surprisingly, this got past Google's ad quality control service.

Malicious ad

Legitimate search result

If users clicked this ad, hoping they'd land on Target's website, they were redirected to a tech support scam instead.

The page users landed on was mimicking the style of Microsoft's real website, but was urging users to call a phone number to remove a non-existent "HARDDISK_ROOTKIT_TROJAN_HUACK.EXE" file.

Tech support website in Chrome

Tech support scam in IE

At the time of writing, the malicious ads don't appear anymore, and the tech support site is down.

According to VirusTotal data, the tech support scam domain is registered to a Georgian man and was hosted on two IP addresses [1, 2] that have a history with tech support scams, malware hosting, and pharma spam.

Based on VirusTotal logs and user complaints, there appears to have been a malvertising campaign that also targeted Walmart users.

This incident is not the first time malvertisers have managed to poison Google's search results with their rogue ads. Back in February, a similar campaign injected malicious ads in Google search results when searching for the term "Amazon."

Google did not respond to a request for comment from Bleeping Computer in time for this article's publication. Target was made aware of the issue but did not comment.

Image credits: StackExchange user Browly