Cybercriminals Use Fake Google Ads to Steal User Credentials

Researchers from Malwarebytes Labs have uncovered a sophisticated phishing campaign in which cybercriminals use fake Google Ads to steal user credentials. The malicious ads impersonate Google’s own advertising platform, tricking users into entering their login details on fraudulent websites.

The scam works by placing deceptive ads in Google’s search results that appear as legitimate Google Ads. For example, if a user searches for “Google Ads,” the top result might look like a sponsored post from Google. However, when users click on the ad, they are taken to a fake login page designed to resemble Google’s real one. Here, hackers collect login credentials and can even create rogue administrator accounts, giving them full control over stolen accounts.

Malwarebytes researchers described this operation as “one of the most egregious malvertising campaigns they have tracked”, with the potential to impact thousands of Google Ads customers globally. The stolen accounts are likely resold on underground forums, where they become a valuable commodity for cybercriminals.

The ads are convincing enough that it can be difficult for users to detect the fraud. The malicious ads are often marked as verified by Google, making them appear legitimate. The phishing sites themselves are often hosted on Google Sites, which allows attackers to create URLs that look almost identical to Google’s official domain, making it even harder for users to spot the scam.

Over the course of their investigation, Malwarebytes researchers identified more than 50 fraudulent ads and contacted victims who had fallen for the scam. Many of these victims reported receiving notifications of suspicious login attempts from Brazil, suggesting that the attackers operate primarily from that country. The researchers also discovered two more groups with a similar modus operandi, one located in Asia and another in Eastern Europe.

According to Cybernews, Google is aware of the malicious campaigns and is working to address the issue, stating that it actively reviews ads and enforces strict policies against scams. However, researchers have raised concerns that Google’s defenses are struggling to keep up with the sheer scale and sophistication of these attacks.