Thursday, January 16, 2025

Google ‘Perpetual Hack’ Attack Steals Passwords And 2FA—Act Now


As news still sinks in of an exploit methodology that can seemingly steal sensitive data using the sign-in-with-Google authentication process, and as users of Chrome are warned not to click twice now that a new attack methodology is confirmed, another threat has been disclosed that Google users need to take note of. Although credential-stealing attacks that bypass two-factor authentication are nothing new, security researchers have called this latest ongoing perpetual hacking campaign a “new extreme.” Here’s what you need to know.


This New Malicious Google Ad Hacking Campaign Marks A New Extreme

Cybercriminals targeting advertisers by impersonating Google Ads in fraudulent ads is as old an attack methodology as Google search itself. Sadly, using this tactic to lead to cloned pages designed to steal login credentials and bypass 2FA codes in the process is not new either. According to newly published research from Malwarebytes, however, the latest hack attack campaigns have reached what it called a “new extreme,” with accounts being compromised in real time and immediately added to the ever-expanding pool of hacked accounts, which is then used to perpetuate the attack. This is, it would appear, the discovery of perpetual motion for the hacking world.

“The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” report author Jérôme Segura, senior director of research at Malwarebytes, said. “We believe their goal is to resell those accounts on black hat forums, while also keeping some to themselves to perpetuate these campaigns.”

The Google Perpetual Hack Attack Flow In Action

According to Malwarebytes, the attack flow for this dangerous and never-ending Google hack attack is as follows:

  • The attackers impersonate Google Ads with fake login pages to fool advertisers, who are then phished for their account credentials. The victim enters their Google account information into the phishing page, and a phishing exploit kit collects unique identifiers, session cookies and credentials.
  • Hackers are able to take over these accounts in real time and subsequently deliver their own malicious ads, with every new victim immediately added to the pool of hacked accounts.
  • The threat actors show fraudulent URLs in their ads, making them indistinguishable from legitimate sites and seemingly flying “under the radar to avoid violating Google’s rules,” Segura said.
  • Advertisers then lose money and/or ad budget if the hacker goes on a spending spree or locks that user out of their now compromised account.
  • Malwarebytes has observed some hackers using these campaigns to distribute malware as well as phishing for advertiser login credentials, so as to infect business networks.

“This is the most egregious malvertising operation we have ever tracked,” Segura warned, “getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.”


Mitigating The Google Perpetual Hack Attack Risk

Segura urged users to pay particular attention to sponsored ad results when using Google search. “Ironically, it’s quite possible that individuals and businesses that run ad campaigns are not using an ad-blocker,” Segura said, in order to see their ads and those from their competitors, “making them even more susceptible to fall for these phishing schemes.”

I have reached out to Google for a statement. In the meantime, I would recommend reading Google’s phishing mitigation advice.
