Multiple threat actors have been engaging in a nefarious scheme by impersonating Google Ads login pages to deceive advertisers into surrendering their account credentials. These attackers, hailing from regions spanning South America, Asia, and Eastern Europe, are using the compromised accounts to purchase and disseminate malicious advertisements and malware through Google Ads.
The attackers have been successful in their fraudulent activities due to the appearance of their ads with an “ads.google.com” URL, making them nearly indistinguishable from legitimate Google ads. Researchers at Malwarebytes have identified this as one of the most egregious malvertising campaigns ever observed. Jerome Segura, a researcher at Malwarebytes, highlighted the severity of the issue, stating that they have been continuously discovering new incidents, even while reporting on existing ones.
Google Ads is a platform that allows businesses and individuals to advertise on Google’s various online properties based on user behavior and interests, bringing in significant revenue for the company. However, the recent influx of fake sponsored ads for Google Ads has led to an increase in malicious activities targeting unsuspecting users looking to advertise or access their accounts.
The scammers are utilizing Google Sites, Google’s free website creation platform, to host fake login pages, thereby circumventing Google’s restrictions on including URLs in ads. This tactic enables them to deceive users into providing their login information, leading to account compromises. Despite Google’s efforts to investigate and address the issue promptly, the threat actors continue to create new accounts and perpetuate the malvertising campaign.
Segura emphasized the simplicity and effectiveness of the social engineering tactic employed by the attackers in impersonating Google Ads through the use of Google Sites URLs. He called for enhanced security measures and stricter enforcement to prevent bad actors from carrying out such fraudulent schemes. Malwarebytes has been actively monitoring and reporting malvertising incidents through a live tracker accessible to Google’s Ads team, but the recurring nature of the attacks poses a significant challenge in shutting them down permanently.
In response to the escalating threat posed by malicious actors impersonating Google Ads, Google has pledged to intensify its enforcement efforts and crack down on fraudulent ads. However, the persistent nature of the attacks underscores the need for continuous vigilance and proactive measures to safeguard users and advertisers from falling victim to these malicious activities. As the investigation continues, it remains crucial for all parties involved to remain vigilant and report any suspicious behavior to mitigate the impact of such illicit schemes.