Researchers have issued a warning about a persistent Google hack that can steal sensitive data, including passwords and two-factor authentication (2FA) codes. Users of Google Chrome and Google Ads are particularly at risk. This ongoing hacking campaign involves cybercriminals impersonating Google Ads to create fraudulent ads.
These ads trick victims into entering their login credentials on fake pages, which are then used to compromise their accounts in real-time. The compromised accounts are quickly added to a growing pool and used to further perpetuate the attack. Jérôme Segura, senior director of research at Malwarebytes, said, “This scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.
We believe their goal is to resell those accounts on black hat forums, while also keeping some to themselves to perpetuate these campaigns.”
Google has been working with impacted advertisers to help them regain access to their accounts. A Google spokesperson stated, “We have addressed this issue and are now working with impacted advertisers to regain access to their accounts. Our teams continue to implement protections to keep these bad actors off our platform.”
Malwarebytes outlined the attack flow, explaining that hackers disguise themselves as fake Google Ads login pages to deceive advertisers into providing their credentials.
Persistent Google Ads malvertising scam
The captured information is then used to take over accounts and run malicious ads, leading to financial losses for the advertisers. Segura advises users to be wary of sponsored ad results, especially when using Google search, as these can be part of phishing schemes even if they look legitimate.
“Ironically, it’s quite possible that individuals and businesses that run ad campaigns are not using an ad blocker, making them even more susceptible to fall for these phishing schemes,” said Segura. Google has strict advertising policies to prevent scams and unauthorized ads. The company has specialized teams to monitor and take action against these malicious campaigns.
In 2023 alone, Google removed 3.4 billion ads and restricted 5.7 billion across 5.6 million accounts, with millions of these actions due to violations of misrepresentation policies. “We expressly prohibit ads that aim to deceive people in order to steal their information or scam them,” a Google spokesperson emphasized. Our teams are actively investigating this issue and working quickly to address it.
The ongoing hacking campaigns represent a significant threat to users and advertisers alike.
Staying vigilant and being cautious about sponsored ads, coupled with using ad-blockers, can mitigate some risks. Google continues to enhance its defenses to protect users and advertisers from these sophisticated attacks.
