Title: Persistent Hack Attack: Protect Your Passwords and 2FA Now

Title: Persistent Hack Attack: Protect Your Passwords and 2FA Now

In the latest news, a new threat has surfaced for Google users, as cybercriminals execute a perpetual hacking campaign that exploits Ads and bypasses two-factor authentication. This malicious operation, labeled a "new extreme" by security researchers, is a concerning development for Google Ads users worldwide.

According to recent findings from Malwarebytes, this latest hack attack campaign is unique for several reasons. Firstly, account compromises take place in real-time, immediately adding the victim's account to an ever-growing pool of hacked accounts. Secondly, the attackers camouflage their fake Google Ads login pages by displaying fraudulent URLs indistinguishable from legitimate sites, thus avoiding detection.

The flow of the Google perpetual hack attack is as follows:

1. Attackers create fake Google Ads login pages to deceive advertisers, prompting them to enter their account credentials.
2. Phishing exploit kits collect unique identifiers, session cookies, and credentials.
3. The attackers can take over these accounts in real-time, delivering their malicious ads to new victims and adding their accounts to the pool of compromised accounts.
4. Hackers display fraudulent URLs in their ads, evading Google's rules and appearing legitimate.
5. Advertisers suffer financial losses or ad budget exhaustion due to the hacker's spending spree or account lockout.

This ongoing malvertising operation, as described by Malwarebytes' Report author Jérôme Segura, poses a significant risk to businesses and individuals worldwide. Segura warned that the scheme, which involves stealing as many advertiser accounts as possible, is likely affecting thousands of users.

To protect themselves from this threat, users can implement various security measures:

1. Employ unique passwords for each account, including Google Ads.
2. Enable multi-factor authentication to provide an additional layer of protection.
3. Regularly monitor accounts for unauthorized activity or suspicious logins.
4. Be cautious when logging into Google Ads. Avoid using Google Search as an entry point and instead, directly access the URL.
5. Verify the links before clicking on ads to check their actual destination.
6. Implement direct URL access for increased security.
7. Consider using an ad-blocker to avoid falling victim to phishing schemes.

Google strongly advises against ads aimed at deceiving users and stealing information. The company is actively investigating the issue and working to address it, urging users to report any suspicious activity for prompt resolution.

After the cyberattack, users might find unauthorized changes in their Google account passwords. (Google account password)To prevent such attacks, users can enable 2FA (two-factor authentication) for their Google accounts. (Google 2fa hack, Google 2fa)The attackers also use malware to hijack Google ads, generating revenue by displaying fraudulent ads. (Google ads, malware)To identify potential threats, users should check for malware using tools like Malwarebytes. (Malwarebytes)

Read also: