trafficads.net scam ads: “Googleユーザーのあなた、おめでとうございます!” (“Congratulations, Google user!”)

For a few months I have been seeing sudden popups in the middle of visiting various websites. The ads are hosted on URLs such as http://trafficads.net/graun/?pubads={some-hexadecimal-number} and the back button will be disabled – there is no way to get back to the article that I had been reading.

The ads are in Japanese (I am accessing from a Japanese IP address) and tell you that you can win an iPhone X, iPad Air 2 or Samsung Galaxy S6. They then ask some easy questions about who founded Google, in what country it is based and what year it was founded. Regardless of your answers, it will tell you that they were correct and that you have won an iPhone X 64 GB. You are then asked to give your credit card to pay for shipping. I strongly recommend you do not give them your credit card!

Before I started seeing the ads on trafficads.net, I think I saw them on a number of different domains that kept changing. For several weeks, one consistent domain has been used instead.

I do not know yet how those ads get injected into the Chrome browser. However, I have seen them on three different machines, one of them a Mac, the others PCs. I doubt all three of them could be infected with the same malware. There’s got to be a different mechanism.

There are a number of Japanese web postings that discuss these fraudulent ads masquerading as prize wins to get people’s credit cards, but none of them explain how the ads are injected or what countermeasure there is, other than closing the tab of the ad once it appears.