Google Ads Gone Rogue: Malvertising Mayhem Strikes Again!
Beware of the Google Ads malvertising campaign! Cybercriminals are phishing for credentials with fraudulent ads, targeting both individuals and businesses. They hijack ad accounts, redirecting users to fake login pages, all while hiding behind legitimate-looking URLs. It’s like finding out your grandma’s cookies are actually cardboard—utterly disappointing and potentially dangerous!
Hot Take:
Who knew Google Ads could be the virtual version of “The Parent Trap”? One second you’re trying to manage a successful ad campaign, and the next, you’re in a phishing scam where your credentials are swapped for digital mischief. Here’s a reminder: not everything that glitters (or Googles) is gold!
Key Points:
- Cybercriminals are impersonating Google Ads to phish credentials through fraudulent ads.
- Victims are redirected to fake login pages via Google Sites, aiming to steal credentials and 2FA codes.
- The malvertising campaign exploits Google’s allowance for different display and final URLs.
- Most actors are Portuguese-speaking, potentially operating from Brazil, utilizing .pt domains.
- Trend Micro notes similar tactics using YouTube and SoundCloud to distribute malware.
Already a member? Log in here