Researchers revealed Pushpaganda, a novel ad-fraud campaign that uses search engine poisoning and AI-generated news to push deceptive stories into Google Discover and trick users into enabling persistent browser push notifications that deliver scareware and financial scams. The operation generated roughly 240 million bid requests tied to 113 domains in one week, spread beyond India to several countries, and shows how shared monetization infrastructures like Low5 and BADBOX 2.0 enable ad-laundering and rapid reuse of cashout domains. #Pushpaganda #Low5
Keypoints
- Pushpaganda uses SEO poisoning and AI-generated content to infiltrate Google Discover feeds.
- Users are coerced into enabling persistent push notifications that deliver scareware and redirect to scam sites.
- The campaign produced about 240 million bid requests across 113 domains over seven days and has expanded globally.
- Attackers monetize traffic via ad-laundering cashout sites and shared infrastructures like Low5 and BADBOX 2.0.
- Google implemented a fix, but researchers warn cashout domains persist and require ongoing threat intelligence to disrupt.
Read More: https://thehackernews.com/2026/04/ai-driven-pushpaganda-scam-exploits.html