Google ‘Perpetual Hack’ Attack Steals Passwords And 2FA—Act Now – Forbes
Researchers warn of a perpetual Google hack attack.

Update, Jan. 17, 2025: This story, originally published Jan. 16, now includes important new information from Google in response to the coverage of this story and the researchers’ work in exposing the perpetual hack attack methodology.

As news still sinks in of an exploit methodology that can seemingly steal sensitive data using the sign-in-with-Google authentication process, and users of Chrome are warned not to click twice as a new attack methodology is confirmed, another threat has been disclosed that Google users need to take note of. Although credential-stealing attacks that bypass two-factor authentication are nothing new, security researchers have called this latest ongoing perpetual hacking campaign a “new extreme.” Here’s what you need to know.

Cybercriminals targeting advertisers by impersonating Google Ads in fraudulent ads is as old an attack methodology as Google search itself. Sadly, using this tactic to lead to cloned pages designed to steal login credentials and bypass 2FA codes in the process is not new either. According to newly published research from Malwarebytes, however, the latest hack attack campaigns have reached what it called a “new extreme,” with accounts being compromised in real time and immediately added to the ever-expanding pool of hacked accounts that is then used to perpetuate the attack.
This is, it would appear, the discovery of perpetual motion for the hacking world.

“The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” report author Jérôme Segura, senior director of research at Malwarebytes, said. “We believe their goal is to resell those accounts on black hat forums, while also keeping some to themselves to perpetuate these campaigns.”

Since this story was published and I contacted Google for a statement, which you can see in full towards the bottom of the article, Google has got back in touch with an important update. “We have addressed this issue and are now working with impacted advertisers to regain access to their accounts,” a Google spokesperson said. “Our teams continue to implement protections to keep these bad actors off our platform.”

According to Malwarebytes, the attack flow for this dangerous and never-ending Google hack attack is as follows:

“This is the most egregious malvertising operation we have ever tracked,” Segura warned, “getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.”

Segura urged users to pay particular attention to sponsored ad results when using Google search. “Ironically, it’s quite possible that individuals and businesses that run ad campaigns are not using an ad-blocker,” Segura said, in order to see their ads and those from their competitors, “making them even more susceptible to fall for these phishing schemes.”

Google wanted to make it clear that it has strict advertising policies to regulate what types of ads and advertisers are allowed to operate on Google platforms.
Google’s misrepresentation policy doesn’t allow advertisers to run advertisements that scam users, such as by concealing information about the advertiser’s business, product or service in question. Google has specialist teams in place to monitor infringements and told me, for background, that they are aware of these malicious ad campaigns and continue to take enforcement measures against them. Both malicious adverts and associated accounts are actively reviewed and appropriate actions are taken as a consequence. Impacted advertisers should follow these steps if their account is compromised in any way. Impacted users may also be eligible for reimbursement.

Google concedes that it does, however, see bad actors operating at a greater scale and with more sophistication in order to try to evade detection. The tactics used include the simultaneous creation of thousands of accounts, text manipulation to circumvent automated detection and “cloaking” to display different advertising content to Google reviewers and systems than to users. However, in 2023, Google still removed a staggering 3.4 billion ads and restricted 5.7 billion across 5.6 million accounts. Some 206 million advertisements were either removed or blocked for violating the aforementioned misrepresentation policy.

A Google spokesperson said: “We expressly prohibit ads that aim to deceive people in order to steal their information or scam them. Our teams are actively investigating this issue and working quickly to address it.”