Malvertising Campaign Targets Google Ads Users for Credential Theft
/ 1 min read
🕵️♂️ New Malvertising Campaign Targets Google Ads Users for Credential Theft. Cybersecurity researchers have identified a malvertising scheme aimed at individuals and businesses using Google Ads, where attackers impersonate Google to phish for login credentials. The campaign, active since mid-November 2024, redirects users searching for Google Ads to fake login pages hosted on Google Sites, capturing sensitive information like two-factor authentication codes. The attackers exploit Google’s ad policies, allowing fraudulent URLs in ads, and are believed to operate primarily from Brazil. Google has acknowledged the issue, stating it prohibits deceptive ads and has taken action against millions of violative ads and accounts in 2023. The campaign highlights ongoing challenges in combating sophisticated phishing tactics within advertising networks.
