Summary: Cybersecurity researchers have uncovered a malvertising campaign targeting Microsoft advertisers with fraudulent Google ads that divert users to phishing sites. Additionally, a separate SMS phishing campaign impersonates the USPS, using social engineering tactics to steal sensitive information from mobile users. Both schemes highlight the evolving techniques employed by cybercriminals to exploit trust and evade detection.
Affected: Microsoft advertisers, USPS customers
Keypoints :
- Malicious ads appearing on Google Search aim to capture Microsoft advertising platform login information.
- Redirects to fake marketing sites and Cloudflare challenges are used to evade detection by security tools.
- The USPS phishing campaign tricks users into entering sensitive information through deceptive PDF messages.
- Innovative obfuscation techniques in the PDFs make it harder for endpoint security to detect malicious links.
- The use of iMessage and social engineering tactics demonstrates the sophistication of these phishing attacks.
Source: https://thehackernews.com/2025/02/malvertising-scam-uses-fake-google-ads.html