Forbes reports that hackers are leveraging Google Ads to target Microsoft advertiser accounts, aiming to steal login credentials and gain unauthorized access to the advertising platform. Malwarebytes researchers uncovered this scheme, revealing how malicious ads appearing in Google Search results are used to phish sensitive data.
Despite Google’s security measures, Malwarebytes discovered sponsored ads containing malicious links. Upon contacting Google, Malwarebytes received a statement confirming the company’s prohibition of deceptive ads and their policy of suspending accounts engaging in such practices.
The hackers employ sophisticated techniques to conceal their malicious activities from bots, security scanners, and web crawlers. Users connecting via a VPN are redirected to a benign “white page” displaying innocuous marketing content. However, users without a VPN are directed to a cloaking page presenting an “Are you human?” verification check. Following this, users are presented with a fraudulent Microsoft Ads platform login page hosted on a malicious domain. This fake login page displays a fabricated error message, prompting users to change their password. Jérôme Segura, senior director of research at Malwarebytes, warns that this tactic also attempts to bypass two-factor authentication (2FA) protections.
Segura offers several crucial tips for online safety:
- Verify website legitimacy before entering login credentials.
- Utilize 2FA diligently and authenticate all access requests.
- Regularly monitor advertising accounts for suspicious activities and unauthorized modifications.
- Report suspicious ads to protect other users.
Google has acknowledged these malicious ad campaigns and is actively taking countermeasures. They are reviewing associated accounts and malicious ads, implementing appropriate actions according to their policies.
This incident underscores the importance of robust passwords and the benefits of employing a reputable password manager.
