Attackers Hijack Google Advertiser Accounts to Spread Malware

In a daring tactic, multiple threat actors are impersonating Google Ads login pages to deceive advertisers into divulging their account credentials.

These attackers, from regions as diverse as South America, Asia, and Eastern Europe, then use the compromised accounts in real time to purchase and disseminate malicious advertisements and malware through Google Ads.

‘Most Egregious’ Malvertising Campaign Ever

Researchers at Malwarebytes have uncovered a highly sophisticated malvertising campaign that has infiltrated Google’s core operations, impacting a vast number of its global clientele.

According to Malwarebytes researcher Jerome Segura, this operation is unparalleled in its scale and impact, with new incidents emerging continuously, even as they are being reported.

Google Ads, a prominent advertising platform, has become a target for these malicious actors who are exploiting loopholes to deceive users and compromise their accounts.

Segura highlights that the attackers are utilizing Google Sites to host fake pages, circumventing Google’s security measures and making their malicious activities harder to detect.

Google Is Actively Investigating Cyberattacks

Google has acknowledged the severity of the issue and is currently investigating the matter to implement immediate solutions.

The company emphasizes its commitment to preventing deceptive ads and scams that aim to exploit users’ information.

Google’s efforts to combat malvertising are extensive, with millions of ads being removed and accounts suspended to protect users from malicious activities.

Impersonating Google Ads: Simple & Effective Social Engineering

The impersonation of Google Ads by cybercriminals through Google Sites URLs poses a significant challenge in distinguishing between genuine and fraudulent ads.

Segura suggests that Google needs to enhance its security protocols to counteract such social engineering tactics effectively.

Malwarebytes continues to monitor and report malvertising incidents to Google, facilitating prompt action against malicious ads.