Phishing, Threat Intelligence, AI/ML

Novel ad fraud scheme weaponizes Google Discover

Google logo on one of the buildings situated in Googleplex, the company's main campus in Silicon Valley

(Adobe Stock)

Android and Google Chrome users have had their Google Discover feeds injected with deceptive news stories via search engine optimization poisoning and AI-generated content to facilitate scareware deployment and financial scams as part of the Pushpaganda ad fraud campaign, The Hacker News reports.

Intrusions which were initially aimed at India before expanding to the U.S., Canada, Australia, South Africa, and the UK involved deceiving users into visiting false stories with AI-generated content on Google Discover, which redirect to attacker-controlled domains luring them to activate scareware notifications, according to an analysis from HUMAN's Satori Threat Intelligence and Research Team. Clicking on the notifications diverts users to other attacker-controlled sites, with the traffic generating revenue for the threat actors.

Such findings follow an Infoblox report detailing the Vane Viper threat operation's use of push notifications to advance ClickFix-like social engineering attacks. Meanwhile, Google disclosed implementing stringent anti-spam systems in Search and Discover, while issuing continuous updates to identify content that violates its policies.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Related

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Business Email Compromise (BEC)Deauthentication AttackDenial of ServiceDictionary AttackDisruptionDistributed ScansDumpster DivingGoogle HackingHybrid AttackPassword Cracking

You can skip this ad in 5 seconds