Malvertising campaign hijacks Microsoft advertising accounts by using fake Google ads

Cybersecurity researchers have uncovered a malvertising campaign targeting Microsoft advertisers through bogus Google ads, leading them to phishing pages designed to steal their login credentials and two-factor authentication (2FA) codes.
The attackers aim to hijack accounts by tricking users searching for "Microsoft Ads" into clicking malicious sponsored links on Google Search. According to Malwarebytes' Jérôme Segura, these fraudulent ads are designed to appear legitimate, redirecting unsuspecting users to phishing pages disguised as ads.microsoft[.]com. To evade detection, the attackers deploy techniques such as redirecting VPN traffic to fake websites and using Cloudflare challenges to filter out security bots.
Interestingly, users who attempt to directly visit the phishing domain (ads.mcrosoftt[.]com) are instead rickrolled—redirected to a YouTube meme video—a tactic possibly intended to mislead cybersecurity researchers while maintaining the scam's credibility. Malwarebytes' investigation suggests that similar phishing operations have been ongoing for years, potentially targeting other advertising platforms such as Meta.
A notable pattern has emerged, with most phishing domains hosted in Brazil (.com.br), paralleling an earlier Google Ads phishing campaign that primarily used .pt (Portugal) domains. These findings indicate a broader and more sophisticated effort to exploit advertising platforms.
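A defender-side check for the lookalike hostnames described above, as an added example that is not from Malwarebytes or the original article: it compares a hostname's registrable label to the brand name by edit distance. The suffix list, allowlist, distance threshold and every sample hostname other than ads.mcrosoftt[.]com are assumptions constructed for illustration.

```python
# Added example: flag hostnames that imitate a protected brand domain.
MULTI_SUFFIXES = {"com.br", "com.pt", "co.uk"}  # assumption: tiny stand-in for the Public Suffix List
ALLOWED = {"microsoft.com"}                     # registrable domains treated as genuine
BRAND = "microsoft"

def refang(host):
    """Normalise a defanged indicator such as ads.example[.]com."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")

def registrable(host):
    """Return (label, registrable_domain) using the small suffix list above."""
    parts = refang(host).split(".")
    n = 2 if ".".join(parts[-2:]) in MULTI_SUFFIXES else 1
    if len(parts) <= n:
        return parts[0], ".".join(parts)
    return parts[-n - 1], ".".join(parts[-n - 1:])

def edit_distance(a, b):
    """Levenshtein distance with two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, max_distance=2):
    """Label a hostname relative to the brand; distance 0 on a non-allowlisted suffix is also flagged."""
    label, domain = registrable(host)
    if domain in ALLOWED:
        return "legitimate"
    if edit_distance(label, BRAND) <= max_distance:
        return "lookalike"
    if BRAND in refang(host):
        return "brand-in-hostname"
    return "unrelated"

if __name__ == "__main__":
    samples = [
        "ads.microsoft.com",             # genuine
        "ads.mcrosoftt[.]com",           # phishing domain named in the article
        "microsoft-ads.example.com.br",  # constructed sample
        "www.example.org",               # constructed sample
    ]
    for s in samples:
        print(f"{s:32} {classify(s)}")
```
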
Meanwhile, a separate SMS phishing (smishing) campaign has surfaced, impersonating the United States Postal Service (USPS) to deceive mobile users. Victims receive fake messages urging them to update their address via a malicious PDF file, which then leads to a phishing page designed to steal personal and payment information.
Researchers at Zimperium zLabs identified over 630 phishing pages and 20 malicious PDFs, revealing a large-scale social engineering operation. The attackers cleverly bypass security filters by embedding clickable links within PDFs without using standard tags, making detection more difficult for endpoint security solutions.
Cybercriminals continue to exploit security loopholes in mobile and web-based platforms, using trusted brand impersonation and phishing-as-a-service (PhaaS) toolkits like Darcula to conduct global cyberattacks. As these threats evolve, enhanced vigilance, advanced detection methods, and stronger user awareness remain critical in combating phishing and malvertising fraud.