Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Google Ads Phishing Campaign Targets Users

January 16, 2025
Reading Time: 2 mins read
in Alerts
Python Malware Enables RansomHub Ransomware

Cybersecurity researchers have uncovered a new malvertising campaign targeting Google Ads users. The threat actor behind this campaign creates fraudulent ads that impersonate Google Ads, which when clicked, redirect victims to fake login pages. These phishing sites are designed to capture user credentials and two-factor authentication (2FA) codes, which are then exfiltrated to an attacker-controlled server. The campaign has been active since at least mid-November 2024, and researchers believe the ultimate goal is to hijack Google Ads accounts, enabling the attackers to run their own ads and sell stolen credentials on underground forums.

The threat actors exploit a vulnerability in Google Ads’ policy

The threat actors exploit a vulnerability in Google Ads’ policy, which does not require the final URL of an ad to match the displayed URL, as long as the domain is similar. This allows attackers to host intermediate landing pages on Google Sites while displaying legitimate URLs like ads.google.com in the ads. To conceal their malicious infrastructure, the attackers use techniques like fingerprinting, anti-bot traffic detection, CAPTCHA-inspired lures, cloaking, and obfuscation. These tactics ensure that their phishing sites evade detection and successfully steal sensitive information from unsuspecting victims.

Once the threat actor obtains the victim’s Google Ads account credentials, they sign in and add themselves as new administrators to the account. From there, they can use the compromised account’s spending budget to push their own fraudulent ads, further contributing to the scam. This cycle continues as more victims fall prey to these hijacked accounts. Malwarebytes researchers have indicated that this campaign is most likely carried out by a group of Portuguese-speaking individuals, with links to Brazil, and that the phishing infrastructure relies heavily on the use of the .pt domain.

Google has acknowledged the issue and stated that it is actively investigating the malicious ads campaign. While Google prohibits deceptive ads intended to steal information, its ad policies allow the use of fraudulent URLs in some cases, making it difficult to distinguish legitimate ads from fake ones. In response, Google has taken action by removing billions of fraudulent ads, suspending millions of accounts, and continuing to monitor its ad network for abuse. However, the lack of effective immediate action leaves users vulnerable to further attacks.

Reference:
  • Fake Google Ads Campaign Targets Users to Steal Credentials and Hijack Accounts
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJanuary 2025
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial