In a campaign uncovered by security researcher Jérôme Segura from Malwarebytes, cybercriminals have been using fraudulent Google Ads to target advertisers. This sophisticated phishing operation exploits the trust associated with Google’s ad platform, redirecting victims to fake login pages and compromising their accounts. These stolen accounts are then monetized through blackhat forums or used to perpetuate further fraudulent campaigns.
Cybercriminals impersonate Google Ads through malicious sponsored results, luring individuals and businesses into entering their credentials on fake login pages. According to the report, “The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.”
The hackers then use the stolen credentials to access the victims’ Google Ads accounts and run their own ads. These ads can be used to promote scams, distribute malware, or simply generate revenue for the hackers. The scam is particularly effective because it targets advertisers, who are more likely to have substantial budgets in their Google Ads accounts.
The operation targets advertisers looking to sign up or log in to Google Ads. For victims, the campaign involves:
- Being tricked into entering credentials on phishing pages hosted on Google Sites.
- Fake CAPTCHA challenges designed to obscure malicious intent.
- Financial and reputational damage when accounts are hijacked.
The campaign has been observed globally, with attackers leveraging geolocated proxies to tailor their operations. The report identifies at least three distinct groups:
- Brazilian Team: The most prolific group, with phishing kits featuring Portuguese comments.
- Asian Team: Operating from Hong Kong or China, using different phishing kits with Chinese annotations.
- Eastern European Team: Known for leveraging fake CAPTCHA lures and advanced obfuscation techniques.
Segura warns, “The losers are the hacked advertisers and innocent victims that are getting phished.”