Summary: A new malvertising campaign is targeting Google Ads users by phishing for their credentials through fraudulent ads. The attackers aim to steal advertiser accounts and use the stolen credentials to perpetuate further scams. The campaign has been active since at least mid-November 2024 and employs sophisticated techniques to evade detection.
Threat Actor: Unknown | malvertising
Victim: Google Ads Users | Google Ads Users
Keypoints :
- The campaign uses fake ads to redirect users to phishing sites designed to capture credentials and 2FA codes.
- Threat actors exploit the fact that Google Ads allows different display and final URLs, enabling them to host phishing pages on Google Sites.
- Malwarebytes reports that the attackers are likely Portuguese speakers operating from Brazil, utilizing various evasion techniques.
Source: https://thehackernews.com/2025/01/google-ads-users-targeted-in.html