Summary: Cybercriminals are exploiting Google search advertisements to promote phishing sites that impersonate Google Ads, tricking users into revealing their credentials. These fake ads lead victims to counterfeit login pages hosted on Google Sites, which closely mimic the official Google Ads interface. The attackers, operating from various regions, aim to steal accounts for resale and further malicious activities.

Threat Actor: Cybercriminal groups | cybercriminal groups
Victim: Google Ads users | Google Ads users

Keypoints :

• Attackers run Google ads that redirect to phishing sites designed to look like Google Ads login pages.
• Phishing kits collect sensitive information, leading to unauthorized access and potential account takeover.
• At least three distinct cybercrime groups are involved, targeting victims globally and exploiting vulnerabilities in Google’s ad policies.