Threat actors exploited Google's ad platform to create fake Google Authenticator ads, injecting malware. Malicious ads show legit domains, bypassing Google's security checks, increasing credibility and risk.
Malwarebytes discovered the malicious ad campaign using URL cloaking, previously seen in attacks against popular software like KeePass, Arc browser, YouTube, Amazon. Despite Google's verified advertiser system, threat actors find ways to abuse the platform.
Google acknowledged the issue, stating they blocked reported fake advertisers. Threat actors circumvent detection by creating numerous accounts, manipulating text, and cloaking URLs. Google improves automated systems and reviewers to combat malvertising.
Collection
[
|
...
]