I encountered malicious redirects from Google Search results in two different laptops.
While browsing Google search results on chrome, I click on one of the links to a trusted https website. The click is somehow highjacked and lands me on a malicious site (clearly scam / phishing fake survey at best). If I close the malicious page and click again on the same link I'm redirected to the proper page. This happens randomly and very sparsely (twice a month aprox), so it's very difficult to reproduce at will.
- None of them have any dubious addons, or dubious software. Nothing sketchy on the installed software list.
- Chrome has the following addons installed: uBlock, u-Matrix, decentraleyes, httpseverywhere, and a few other (likely) irrelevant addons.
- Malwarebytes and Nod32 full scan is clean. Nothing dubious when checking with processExplorer or autoruns (with virus total submission enabled).
- Both laptops have different internet feeds, in fact they are in different cities. They have coexisted in the same network for a few weeks in the past.
- DNS configuration seems unaltered (automatic), when checked with ipconfig points to servers owned by the ISP
- The destination sites didn't seem the issue, they were reputable sites, last case (the only for which I can remember the site), from a big aerospace company, with no advertiser content, or 3rd party scripts apart from google analytics. The target website doesn't look like it even got loaded, I'm landed directly on malware domain, with no option to go "back" or no trace on the history of the original page.
What is the most likely explanation? Does this mean both computers are compromised by some kind of adware malware?
How could such a problem be traced to its cause?
Is this a new common thing I haven't heard about?