New malvertising attack exploits Google Ads to spread malware

January 21, 2025
Malvertising Google Ads Malware Data Theft Cyberattack

A highly sophisticated malvertising campaign is targeting Google’s advertising platform, posing a severe threat to both advertisers and the tech giant’s business model.

Cybercriminals are impersonating Google Ads login pages to steal credentials and gain access to advertiser accounts, which they then hijack to distribute malicious advertisements and malware.

This widespread operation, tracked by researchers across South America, Asia, and Eastern Europe, has already impacted thousands of advertisers globally. The attackers rely on an especially deceptive tactic: using URLs that closely mimic legitimate Google Ads links, such as ads.google.com. This approach makes it nearly impossible for victims to differentiate between genuine ads and phishing attempts.

 

Researchers have labelled this campaign as the most significant malvertising operation they have ever observed.

 

The fake ads are designed to mislead users into visiting fraudulent Google Ads login pages, where their credentials are stolen. These stolen accounts are then used to propagate more malicious ads, creating a challenging cycle to disrupt.

The attackers have also exploited Google Sites, the company’s free website creation tool, to host phishing pages. By using URLs that appear legitimate under Google’s domain policies, these malicious ads bypass security filters and gain visibility in search results.
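The point above, that a URL under Google's domain is not necessarily a Google Ads sign-in page, can be turned into a defender-side check. The following is an added example, not code from the researchers or from Google; the allowlist, the verdict labels and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts where a Google Ads sign-in is expected (assumption for this example).
TRUSTED_LOGIN_HOSTS = {"ads.google.com", "accounts.google.com"}
# Google-owned host that serves pages built by any user (Google Sites).
USER_CONTENT_HOSTS = {"sites.google.com"}


def classify_login_url(url: str) -> str:
    """Classify a URL a user is about to type Google Ads credentials into."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return "suspicious"  # malformed URL
    if parts.scheme != "https" or not host:
        return "suspicious"  # no TLS or no host at all
    if "@" in parts.netloc:
        return "suspicious"  # text before '@' is userinfo, not the host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious"  # internationalised host, possible homoglyphs
    if host in USER_CONTENT_HOSTS:
        return "user-content"  # on Google's domain, but anyone can publish here
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted"  # exact host match only, never a substring match
    if host == "google.com" or host.endswith(".google.com"):
        return "google-other"  # Google host, but not a sign-in page for Ads
    if "google" in host:
        return "lookalike"  # brand name inside a non-Google domain
    return "unrelated"


# Constructed sample URLs (hypothetical, using the reserved .example TLD).
SAMPLES = [
    "https://ads.google.com/home/",
    "https://sites.google.com/view/constructed-example/",
    "https://ads.google.com.account-check.example/login",
    "https://ads.google.com@login.example/",
    "https://ads.g\u043e\u043egle.com/",  # Cyrillic 'o' in place of Latin 'o'
]


def triage(urls):
    """Map each URL to its verdict."""
    return {u: classify_login_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:13} {url}")
```

Only the `trusted` verdict should be treated as a place to enter Google Ads credentials; `user-content` covers the Google Sites case described above.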

Google has acknowledged the severity of the issue and confirmed that it is actively investigating the matter. A spokesperson for the company emphasised that deceptive ads designed to steal user information are strictly prohibited. In 2023 alone, Google removed over 3.4 billion ads, restricted 5.7 billion, and suspended 5.6 million advertiser accounts in its efforts to combat such threats.

Despite these enforcement measures, researchers have noted that attackers continue to evade detection by creating new accounts and employing techniques like cloaking and text manipulation to bypass Google’s review systems.

Experts have called for Google to strengthen its security policies to make impersonation schemes more difficult. This advice includes revisiting current business practices and enhancing the review processes for ads and URLs.

As the fight against malvertising intensifies, cybersecurity researchers are maintaining live trackers to help Google identify and take down these campaigns. However, the persistence of attackers highlights the need for more robust measures to protect advertisers and users from falling victim to such schemes.
