Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Ads Phishing Campaign Targets Users

January 16, 2025
Reading Time: 2 mins read
in Alerts
Python Malware Enables RansomHub Ransomware

Cybersecurity researchers have uncovered a new malvertising campaign targeting Google Ads users. The threat actor behind this campaign creates fraudulent ads that impersonate Google Ads, which when clicked, redirect victims to fake login pages. These phishing sites are designed to capture user credentials and two-factor authentication (2FA) codes, which are then exfiltrated to an attacker-controlled server. The campaign has been active since at least mid-November 2024, and researchers believe the ultimate goal is to hijack Google Ads accounts, enabling the attackers to run their own ads and sell stolen credentials on underground forums.

The threat actors exploit a vulnerability in Google Ads’ policy

The threat actors exploit a vulnerability in Google Ads’ policy, which does not require the final URL of an ad to match the displayed URL, as long as the domain is similar. This allows attackers to host intermediate landing pages on Google Sites while displaying legitimate URLs like ads.google.com in the ads. To conceal their malicious infrastructure, the attackers use techniques like fingerprinting, anti-bot traffic detection, CAPTCHA-inspired lures, cloaking, and obfuscation. These tactics ensure that their phishing sites evade detection and successfully steal sensitive information from unsuspecting victims.

Once the threat actor obtains the victim’s Google Ads account credentials, they sign in and add themselves as new administrators to the account. From there, they can use the compromised account’s spending budget to push their own fraudulent ads, further contributing to the scam. This cycle continues as more victims fall prey to these hijacked accounts. Malwarebytes researchers have indicated that this campaign is most likely carried out by a group of Portuguese-speaking individuals, with links to Brazil, and that the phishing infrastructure relies heavily on the use of the .pt domain.

Google has acknowledged the issue and stated that it is actively investigating the malicious ads campaign. While Google prohibits deceptive ads intended to steal information, its ad policies allow the use of fraudulent URLs in some cases, making it difficult to distinguish legitimate ads from fake ones. In response, Google has taken action by removing billions of fraudulent ads, suspending millions of accounts, and continuing to monitor its ad network for abuse. However, the lack of effective immediate action leaves users vulnerable to further attacks.

Reference:
  • Fake Google Ads Campaign Targets Users to Steal Credentials and Hijack Accounts
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJanuary 2025
ADVERTISEMENT

Related Posts

DevOps Servers Hit By JINX0132 Crypto Mine

Fake FB Ban Fix Extension Steals Accounts

June 3, 2025
DevOps Servers Hit By JINX0132 Crypto Mine

Actively Exploited Chrome V8 Flaw Patched

June 3, 2025
DevOps Servers Hit By JINX0132 Crypto Mine

DevOps Servers Hit By JINX0132 Crypto Mine

June 3, 2025
Linux Core Dump Flaws Risk Password Leaks

Linux Core Dump Flaws Risk Password Leaks

June 2, 2025
Linux Core Dump Flaws Risk Password Leaks

GitHub Code Flaw Replicated By AI Models

June 2, 2025
Linux Core Dump Flaws Risk Password Leaks

Google Script Used In New Phishing Scams

June 2, 2025

Latest Alerts

Fake FB Ban Fix Extension Steals Accounts

Actively Exploited Chrome V8 Flaw Patched

DevOps Servers Hit By JINX0132 Crypto Mine

Linux Core Dump Flaws Risk Password Leaks

GitHub Code Flaw Replicated By AI Models

Google Script Used In New Phishing Scams

Subscribe to our newsletter

    Latest Incidents

    Cartier Data Breach Exposes Client Info

    White House Chief of Staff’s Phone Hacked

    The North Face Hit By 4th Credential Hack

    Covenant Health Cyberattack Shuts Hospitals

    Moscow DDoS Attack Cuts Internet For Days

    Puerto Rico’s Justice Department Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial