San Francisco, January 16, 2025 – Hackers exploited Google Ads to steal user credentials and ad budgets in a global malvertising campaign, raising serious security concerns.
A sophisticated malvertising scam has infiltrated Google Ads, targeting unsuspecting users worldwide and compromising their credentials. Cybercriminals behind the scheme deploy fake ads mimicking official Google Ads links, luring victims to fraudulent login pages that harvest passwords and two-factor authentication (2FA) codes.
Jérôme Segura, senior threat analyst at Malwarebytes said:
This campaign has turned a trusted platform into a phishing paradise, exposing millions to potential losses.
The attackers exploit loopholes in Google Ads policies, hosting malicious sites on Google’s trusted domains to deceive users further. The stolen credentials allow hackers to hijack accounts, redirect ad budgets, and perpetuate the cycle by promoting more fake ads.
Victims have reported incidents globally, with clusters traced to Brazil, where Portuguese-speaking hackers operate from compromised domains. Adding to the chaos, hackers use sophisticated techniques like cloaking, anti-bot detection, and CAPTCHA-inspired lures, making the scam harder to detect.
Our accounts were drained within hours, leaving us scrambling to recover both funds and trust.
Google acknowledged the issue and emphasized its ongoing efforts to monitor its ad network, having already removed 3.4 billion malicious ads and suspended 5.6 million accounts in 2023 alone. Despite these measures, the persistence of such scams raises concerns about the platform’s security.
Other News At VPNRanks
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life.
