Cybercriminals are increasingly turning to Google search ads as a tool to orchestrate phishing attacks aimed at stealing Google Ads account credentials.
Attackers craft advertisements that impersonate Google Ads and appear as sponsored search results, leading unsuspecting users to phishing sites that are often hosted on Google Sites.
The similarity of the URL to Google’s own (sites.google.com) makes these fraudulent ads even more convincing. Once on these sites, victims are prompted to log into what appears to be their Google Ads accounts.
Deceptive ad posing as Google Ads (Source: Malwarebytes Labs)
How the Attack Works
The process is simple yet effective:
- Victims enter their Google account details into the phishing site.
- The site captures crucial data such as unique identifiers, cookies, and login credentials.
- Victims may then receive notifications of suspicious logins, often from locations like Brazil—indicative of the global reach of these attackers.
If these initial warnings are not heeded, the attackers proceed to add new administrators to the compromised Google Ads accounts and lock out the original users, paving the way for financial exploitation.
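The two signals the article describes, a sign-in from an unexpected country followed by a new administrator, are what an account owner or MSSP can alert on before the lockout. The following detection logic is an added example, not code from Malwarebytes or Google; the event schema, the country baseline and the sample events are constructed to mirror the sequence above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    ts: datetime      # when the action happened (UTC)
    kind: str         # "login" or "admin_added"
    country: str      # country of the originating IP, as shown in the alert
    actor: str        # account that logged in or was granted admin

# Constructed baseline: countries this advertiser's staff normally sign in from.
BASELINE_COUNTRIES = {"US"}
WINDOW = timedelta(hours=24)

def triage(events, baseline=BASELINE_COUNTRIES, window=WINDOW):
    """Return (severity, message) alerts. A login from outside the baseline is
    medium on its own; a new admin added within `window` of such a login is
    high, since that is the takeover step that precedes the lockout."""
    alerts = []
    odd_logins = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "login" and e.country not in baseline:
            odd_logins.append(e)
            alerts.append(("medium", f"login by {e.actor} from {e.country} at {e.ts:%Y-%m-%d %H:%M}"))
        elif e.kind == "admin_added":
            linked = [l for l in odd_logins if timedelta(0) <= e.ts - l.ts <= window]
            if linked:
                alerts.append(("high", f"admin {e.actor} added {e.ts - linked[-1].ts} after login from {linked[-1].country}"))
            else:
                alerts.append(("low", f"admin {e.actor} added with no unusual login in the last {window}"))
    return alerts

# Constructed samples: the takeover sequence from the article, and a routine admin change.
T0 = datetime(2025, 1, 15, 9, 0)
TAKEOVER_SAMPLE = [
    Event(T0, "login", "US", "owner@advertiser.example"),
    Event(T0 + timedelta(hours=6), "login", "BR", "owner@advertiser.example"),
    Event(T0 + timedelta(hours=9), "admin_added", "BR", "new-admin@attacker.example"),
]
ROUTINE_SAMPLE = [
    Event(T0, "login", "US", "owner@advertiser.example"),
    Event(T0 + timedelta(hours=1), "admin_added", "US", "colleague@advertiser.example"),
]

if __name__ == "__main__":
    for sev, msg in triage(TAKEOVER_SAMPLE):
        print(sev.upper(), msg)
```

In practice the event list would come from the Google Ads change history and the Google account security activity page; the logic only needs timestamp, action type and origin country.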
Three cybercrime groups are behind these attacks, including Portuguese-speaking perpetrators likely based in Brazil, attackers in Asia using advertiser accounts from Hong Kong or China, and a third gang composed of Eastern Europeans.
Google Ads heist campaign process flow (Source: Malwarebytes Labs)
Ongoing Threats and Google’s Response
Jérôme Segura, Senior Director of Research at Malwarebytes, describes this strategy as one of the most severe malvertising operations they have tracked, directly attacking the core of Google’s ad business.
He said, “This is the most egregious malvertising operation we have ever tracked, getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.”
In response, Google has intensified its efforts to clamp down on these abuses. Over the past year, Google has blocked or removed more than 206.5 million ads for violating its Misrepresentation Policy, removed over 3.4 billion ads, restricted over 5.7 billion, and suspended more than 5.6 million advertiser accounts.