Malvertising Campaign Abuses Google AdSense

At least two Google AdSense campaigns have been leveraged by cybercrooks to redirect the visitors of numerous websites to scam pages.

The malvertising campaign started in the second half of December and lasted until a few days ago when Google finally managed to remove the offending advertisements.

According to Sucuri, users who accessed sites containing the ads, regardless of what Web browser they had been using, were redirected to bogus websites advertising various products, including weight loss, skin care and IQ enhancers. The scam sites were made to look like reputable magazines such as Forbes and Good Housekeeping.

Users didn’t have to click on the ads in order to get redirected and the malicious redirections affected even webmasters when they accessed the Ad Review Center section of their Google AdSense dashboard.

After many of the affected webmasters started complaining on the Google AdSense support forum, the search giant started taking steps to block the bad ads and advised customers to do the same from their accounts. However, as Sucuri senior malware researcher Denis Sinegubko pointed out, it wasn’t easy for webmasters to identify and block the offending ads because they were redirected to the scam sites almost immediately after the ads were displayed in the Ad Review Center.

On January 9, the issue escalated and more website owners accessed the support forum to complain. The next day, Google informed customers that its malvertising team was working on addressing the problem, but it was having difficulties because the cybercrooks were changing the destination URLs.

The most likely scenario is that the attackers somehow hijacked the AdWords accounts of two legitimate advertisers to launch their campaign. The accounts in question contain legitimate ads and Google has not suspended them after shutting down the malvertising operation. Sinegubko believes that the owners of the accounts probably didn’t have any active campaigns, which is why they didn’t notice the scammy ads. On the other hand, there’s also the possibility that the accounts were created by the scammers who added some legitimate ads to avoid raising suspicion.

Sinegubko says Google should have better control over third-party scripts because they can be used for more than just redirects.

“They can easily contain browser exploits. And even perfectly legitimate scripts may be modified if their site gets hacked. If Google doesn’t control scripts in their ads, AdSense may eventually turn into the largest malvertising platform despite the still prevailing opinion that Google Ads are probably the most safe ad network out there,” the researcher said in a blog post.

Another problem, according to the expert, is that malicious actors can leverage the fact that the scripts included in banners are executed in the Ad Review Center. This can be exploited to launch cross-site request forgery (CSRF) and cross-site scripting (XSS) attacks. The scripts can also be utilized to redirect webmasters to AdSense phishing pages.

This particular malvertising campaign doesn’t appear to be limited to AdSense. One user reported seeing the same redirects triggered by ads served through the advertising network Sovrn.

Malvertising campaigns have become increasingly common because they allow cybercriminals to easily reach a large number of potential victims. A recent operation analyzed by researchers at Cyphort targeted AOL’s ad network and it affected several high-profile websites, including LA Weekly and The Huffington Post.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
