Security researchers have issued a warning about an ongoing Google hack attack that poses a threat to users as cybercriminals are exploiting a vulnerability in the sign-in-with-Google authentication process. The attack methodology involves stealing sensitive data, including login credentials and bypassing two-factor authentication codes. This alarming discovery comes on the heels of another warning for Chrome users about not clicking twice to avoid falling victim to recent attack campaigns.
While credential-stealing attacks are not a new phenomenon, security experts have labeled this latest Google hack attack as a “new extreme.” According to newly published research from Malwarebytes, cybercriminals have intensified their efforts by targeting advertisers through impersonating Google Ads in fraudulent ads. These ads lead unsuspecting victims to fake login pages where their account credentials are phished, allowing hackers to take over accounts in real-time.
The attack flow of this perpetual hack campaign involves hackers disguising themselves as fake Google Ads login pages to deceive advertisers, stealing their account credentials and deploying their own malicious ads. These malicious actors then add the compromised accounts to a pool of hacked accounts to perpetuate the attack. The fraudulent URLs in the ads make them indistinguishable from legitimate sites, enabling the attackers to fly under the radar and evade detection.
The consequence of falling victim to this Google hack attack can result in financial losses for advertisers, with some hackers using the campaigns to distribute malware and infect business networks. Malwarebytes has identified this malvertising operation as the most egregious they have ever tracked, impacting thousands of Google customers worldwide.
In response to the escalating threat, Jerome Segura, senior director of research at Malwarebytes, has advised users to remain vigilant when encountering sponsored ad results on Google search. He emphasized the importance of using an ad-blocker to reduce susceptibility to falling for phishing schemes embedded in fraudulent ads.
Google has assured that they prohibit ads aimed at deceiving users to steal information or scam them and stated that their teams are actively investigating the issue to address it promptly. Additionally, users are encouraged to read Google’s phishing mitigation advice to protect themselves from falling victim to such attacks.
As the threat landscape continues to evolve, it is crucial for users to stay informed and take necessary precautions to safeguard their sensitive information from malicious actors seeking to exploit vulnerabilities in popular platforms like Google. Vigilance, awareness, and proper security measures are essential in mitigating the risks associated with perpetual hack attacks like the one targeting Google users.