Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of threat intelligence at Malwarebytes, said in a report shared with The Hacker News. It's suspected the end goal of the campaign is to reuse the stolen credentials to further perpetuate the campaigns, while also selling them to other criminal actors on underground forums. Based on posts shared on Reddit, Bluesky, and Google's own support forums, the threat has been active since at least mid-November 2024. The activity cluster is a lot similar to campaigns that leverage stealer malware to steal data related to Facebook advertising and business accounts in order to hijack them and use the accounts for push-out malvertising campaigns that further propagate the malware. The newly identified campaign specifically singles out users who search for Google Ads on Google's own search engine to serve bogus ads for Google Ads that, when clicked, redirect users to fraudulent sites hosted on Google Sites. These sites then serve as landing pages to lead the visitors to external phishing sites that are designed to capture their credentials and two-factor authentication (2FA) codes via a WebSocket and…Read More