Cybercriminals Compromise Google Ads with Fraudulent Tesla Websites to Distribute Malware
In recent weeks, a surge of sponsored listings promising preorders for Tesla’s highly anticipated Optimus robots has emerged at the top of Google search results. These advertisements have directed unsuspecting users to counterfeit microsites that closely mimic Tesla’s design, falsely claiming to accept $250 “non-refundable” deposits for early access to the robotics platform. What initially appeared to be a standard phishing scam has evolved into a more sophisticated operation, as hackers have weaponised these fake Tesla landing pages to distribute custom malware payloads. Analysts from the Internet Storm Center noted that this campaign first surfaced around early August, coinciding with Tesla’s promotional materials that reignited public interest in Optimus.
By registering domains such as Offers-Tesla.com and Exclusive-Tesla.com, the threat actors have successfully bypassed traditional email filters and social media monitoring, instead utilising Google’s advertising platform for maximum visibility. Victims clicking on these paid ads have encountered seemingly legitimate preorder forms, unaware that malicious scripts are being silently injected behind the scenes. Upon submitting the form, rather than charging the test credit card provided, the site responds with JavaScript designed to fingerprint the visitor’s browser and download a second-stage loader. Researchers have identified this loader as a variant of the widely observed “SilentLoader” family, which is configured to fetch additional modules from the actor-controlled domain Caribview.info.
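The chain described above (a visit to a Tesla-lookalike domain, a form submission, then a fetch from Caribview.info) can be hunted for in web proxy logs. The following sketch is an added example, not code from the original article or from the researchers it cites. The domains come from the article; the log format, timestamps, client addresses, paths and the 10-minute correlation window are constructed assumptions.

```python
from datetime import datetime, timedelta

BRAND = "tesla"                      # impersonated brand (from the article)
LEGIT = ("tesla.com",)               # the brand's real domain
STAGE2_HOSTS = {"caribview.info"}    # loader's module host (from the article)
WINDOW = timedelta(minutes=10)       # assumption: correlation window

# Constructed sample: timestamp, client, method, host, path (all values made up)
SAMPLE_LOG = """\
2025-08-12T09:14:02 10.0.4.17 GET www.tesla.com /optimus
2025-08-12T09:15:40 10.0.4.23 GET offers-tesla.com /preorder
2025-08-12T09:16:05 10.0.4.23 POST offers-tesla.com /preorder/submit
2025-08-12T09:16:09 10.0.4.23 GET caribview.info /m/1
2025-08-12T09:20:00 10.0.4.31 GET exclusive-tesla.com /
2025-08-12T11:45:00 10.0.4.31 GET caribview.info /m/1
"""

def is_lookalike(host):
    """True if the brand string appears in a host outside the brand's own domain."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT):
        return False
    return BRAND in host

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:  # skip malformed lines
            ts, client, method, host, path = parts
            yield datetime.fromisoformat(ts), client, method, host.lower()

def find_chains(log):
    """Return (client, lure_host, stage2_host, verdict) for each stage-2 contact."""
    last, alerts = {}, []  # last: client -> (time, lure host, form posted?)
    for ts, client, method, host in parse(log):
        if is_lookalike(host):
            posted = method == "POST" or last.get(client, (None, None, False))[1:] == (host, True)
            last[client] = (ts, host, posted)
        elif host in STAGE2_HOSTS:
            seen, lure, posted = last.get(client, (None, None, False))
            if seen is None or ts - seen > WINDOW:
                alerts.append((client, None, host, "stage2-only"))
            else:
                verdict = "form-then-stage2" if posted else "visit-then-stage2"
                alerts.append((client, lure, host, verdict))
    return alerts

if __name__ == "__main__":
    print(*find_chains(SAMPLE_LOG), sep="\n")
```

A `form-then-stage2` verdict marks a client that submitted the fake preorder form shortly before contacting the module host, which is the strongest signal for triage; `stage2-only` still warrants investigation because the lure visit may predate the log window.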