
Malvertising Scam Alert: How Fake Google Ads Are Targeting Microsoft Advertising Accounts

Cybersecurity researchers have uncovered a malvertising campaign targeting advertisers on Microsoft’s platform using fake Google ads. These malicious ads redirect users to phishing pages designed to steal their login credentials.

The campaign has emerged recently, building on a previous attack where sponsored Google Ads were used to mislead users into divulging information. It specifically targets individuals searching for "Microsoft Ads" on Google, aiming to trick them into clicking harmful links presented as advertisements in search results.

To evade detection, the attackers redirect traffic arriving through VPNs to a fake marketing website. Visitors are also confronted with Cloudflare challenges intended to filter out automated bots. Additionally, those who try to access the malicious landing page are met with a humorous distraction and are sent to a YouTube video instead of the phishing site.

The counterfeit page closely resembles the legitimate Microsoft advertising site and is engineered to capture users’ login information, including two-factor authentication (2FA) codes, facilitating account hijacking.

According to Malwarebytes, signs of this phishing infrastructure appear to date back a couple of years, indicating a long-standing campaign that might also have extended its reach to other advertising platforms, such as Meta. Notably, many of the phishing domains are hosted in Brazil, hinting at a geographical trend similar to previous attacks targeting Google Ads users.

In a separate development, an SMS phishing campaign has been reported, impersonating the United States Postal Service (USPS) and tricking mobile users with package delivery lures. This sophisticated scheme involves sending SMS messages that include malicious PDF files, prompting recipients to provide personal information under the guise of updating their mailing address.

Once the victims open the PDF, they are directed to a phishing website where they must input sensitive data, including payment card details to cover alleged delivery charges. The attackers employ an advanced obfuscation method that masks malicious links within the PDF, making it harder for security systems to detect the threat.

This pattern reveals a worrying trend in which cybercriminals increasingly exploit mobile devices to conduct social engineering attacks, relying on trust in well-known brands like USPS. Similar tactics have also been observed using Apple’s iMessage to lead users to phishing websites.

