>
Researchers have uncovered yet another malicious campaign that abuses Google Ads to steal people’s sensitive data, specifically Amazon Web Service (AWS) credentials.
Sentinel Labs experts recently discovered a Google Ads campaign promoting a malicious landing page that appeared at the top of search engine results for the cloud giant.
Second, people using Google’s search engine to search for “aws” would see a malicious landing page posing as (opens in new tab) a vegan food blog.
Categorize stolen data
Those who go to that site are then presented with a fake AWS login page where, once entered, the information is stolen.
In addition, the site asked victims to select whether they were a root or IAM user, allowing scammers to categorize the stolen credentials based on usefulness and value.
The attackers also added a JavaScript feature that disables right-click, middle mouse buttons, and hotkeys.
Sentinel Labs discovered the campaign on January 30, 2023, and further investigation revealed that the attackers were most likely Brazilian.
The researchers reported the attack to CloudFlare, which shut down the malicious account Beeping computer claims that the ads on Google are still active. We couldn’t independently verify whether that is still the case, or whether Google has done its bit in the meantime.
Cybercriminals are constantly trying to use Google’s advertising network to deliver malware and steal people’s data. The search engine giant is generally perceived as trusted, making people less vigilant when clicking on search engine results. Last December, researchers at Malwarebytes spotted a campaign in which scammers used the traffic of an adult website to generate clicks on Google ad banners, generating huge revenue.
Through: Beeping computer (opens in new tab)