Researchers have noticed yet one more malicious marketing campaign that abuses Google Adverts to steal individuals’s delicate knowledge – particularly Amazon Internet Service (AWS) login credentials.
Consultants from Sentinel Labs lately found a Google Adverts marketing campaign that marketed a malicious touchdown web page that appeared close to the highest of the search engine’s outcomes for the cloud large.
Individuals who would use Google’s search engine to seek for “aws” would see, ranked second, a malicious touchdown web page that impersonated (opens in new tab) a vegan meals weblog.
Categorizing stolen knowledge
These heading to that website would then be prompted with a faux AWS login web page the place, as soon as entered, the knowledge could be stolen.
Moreover, the positioning prompted the victims to pick if they’re a root or IAM consumer, serving to crooks categorize the stolen credentials primarily based on utility and worth.
Sentinel Labs found the marketing campaign on January 30, 2023, and additional investigation uncovered that the attackers have been most definitely Brazilian.
The researchers reported the assault to CloudFlare which shut down the malicious account however BleepingComputer claims the advertisements on Google are nonetheless lively. We weren’t in a position to independently confirm if that’s nonetheless the case, or if Google did its half within the meantime.
Cybercriminals always attempt to leverage Google’s advert community to ship malware and steal individuals’s knowledge. The search engine large is mostly perceived as trusted, making individuals much less vigilant when clicking on search engine outcomes. Final December, researchers from Malwarebytes noticed a marketing campaign by which scammers used the site visitors from an grownup web site to generate clicks on Google Advert banners, netting large returns.
Through: BleepingComputer (opens in new tab)