In a cybersecurity twist, hackers have been using Google’s search engine to target Microsoft users and steal their account passwords. According to security researchers at Malwarebytes, the attackers have been exploiting Google’s advertising platform to serve malicious ads that direct users to fake Microsoft login pages.
The sophisticated attack, which has been ongoing for some time, involves hackers purchasing ad space on Google for searches related to Microsoft Ads.
When users click on these ads, they are redirected to a malicious domain that impersonates the Microsoft Ads login page. The phishing page then attempts to trick users into resetting their passwords, while also trying to bypass any two-factor authentication protections.
Jérôme Segura, senior director of research at Malwarebytes, warned that this attack is particularly concerning because it uses Google’s own platform against Microsoft users. “These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft’s advertising platform,” Segura said.
The researchers have reported the incident to Google, and both Google and Microsoft have been contacted for a statement. In the meantime, users are advised to remain vigilant and be cautious when clicking on ads or links, especially those that ask for login credentials.
Segura noted that this attack is just the tip of the iceberg, and that other accounts beyond Google Ads and Microsoft Ads may also be targeted. “These recent malvertising campaigns highlight the ongoing threat of phishing through online advertising,” Segura said. “While tech companies like Google work to combat these issues, users must remain vigilant.”