Unmasking the ‘Eternal Breach’: Protect Your Passwords and 2FA Before It’s Too Late!


This webpage was generated programmatically; to view the article in its original context, you can follow the link below:
https://www.forbes.com/sites/daveywinder/2025/01/16/google-perpetual-hack-attack-steals-passwords-and-2fa-act-now/
and if you wish to remove this article from our website, please reach out to us


While details are still being digested about an exploit technique that can apparently extract sensitive information through the sign-in-with-Google authentication system, and Chrome users are being warned against double-clicking after a new attack technique was confirmed, yet another threat has emerged that Google users need to heed. Attacks that bypass two-factor authentication and steal credentials are nothing new, but cybersecurity researchers have described this latest persistent hacking campaign as a “new extreme.” Here’s what you need to know.


This New Malicious Google Ad Hacking Campaign Marks A New Extreme

Cybercriminals are targeting advertisers by impersonating Google Ads through fraudulent advertisements, a tactic as old as Google search itself. Using this approach to steer users to cloned pages that steal login details and circumvent 2FA is not new either. According to recently published research from Malwarebytes, however, these latest campaigns have escalated to what it calls a “new extreme,” in which accounts are compromised in real time and immediately added to the ever-growing pool of hacked accounts that is then used to further the attack. It is the hacking equivalent of perpetual motion.

“The operation involves stealing as many advertiser accounts as feasible by mimicking Google Ads and guiding victims to counterfeit login pages,” report author Jérôme Segura, senior director of research at Malwarebytes, stated. “We suspect their aim is to resell these accounts on black hat forums while retaining some for themselves to continue these campaigns.”

The Google Perpetual Hack Attack Flow In Action

According to Malwarebytes, the attack flow of this dangerous and never-ending Google hack attack is as follows:

  • The attackers set up counterfeit Google Ads login pages to deceive advertisers, who are then phished for their account details. The victim enters their Google account data into the phishing page, and a phishing exploit kit collects unique identifiers, session cookies, and credentials.
  • The hackers take over these accounts in real time and then run their own malicious ads, with every new victim immediately added to the pool of hacked accounts.
  • The threat actors display fraudulent URLs in their advertisements, making them indistinguishable from genuine sites while seemingly operating “under the radar to evade breaking Google’s regulations,” Segura explained.
  • Advertisers lose money and/or waste ad budget if the hacker goes on a spending spree or locks the user out of the now-compromised account.
  • Malwarebytes has observed some hackers using these campaigns to spread malware, in addition to phishing for advertiser login information, in order to infect business networks.

“This is the most severe malvertising operation we have ever monitored,” Segura cautioned, “getting to the heart of Google’s business and likely impacting thousands of their clients globally. We have been reporting new incidents non-stop and continue to identify fresh ones even as we publish.”


Mitigating The Google Perpetual Hack Attack Hazard

Segura advised users to be especially careful with sponsored ad results when using Google search. “Ironically, it is quite possible that the individuals and businesses executing ad campaigns are not employing an ad-blocker,” Segura noted, so that they can view their own ads and those of their competitors, “making them even more vulnerable to fall for these phishing tactics.”

I reached out to Google for a response, and a spokesperson commented: “We proactively prohibit ads that intend to mislead individuals to steal their information or scam them. Our teams are diligently investigating this matter and acting swiftly to resolve it.” I would also advise reviewing Google’s phishing mitigation guidelines.
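Because the fraudulent ad URLs described above cannot be told apart from genuine ones by eye, the dependable check is the exact host of the page that asks for Google credentials. The following is an added example, not code from the article or from Malwarebytes; the allow-list, the function names and the sample URLs are constructed assumptions.

```javascript
// Added example: allow-list and sample URLs are constructed assumptions.
// Hosts on which a Google sign-in form is expected (assumed; set per policy).
const SIGN_IN_HOSTS = new Set(["accounts.google.com"]);

// Returns { verdict: "allow" | "block", reasons: [...] } for the page
// that is asking for Google credentials.
function checkSignInPage(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { verdict: "block", reasons: ["unparseable URL"] };
  }
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  // A trusted name before "@" is userinfo, not the host the browser contacts.
  if (url.username || url.password) reasons.push("userinfo in URL");
  // URL.hostname is lowercased and IDN-encoded, so "xn--" marks a
  // label containing non-ASCII look-alike characters.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label in host");
  }
  // Exact match only: substring or suffix tests accept hosts that merely
  // contain the trusted name.
  if (!SIGN_IN_HOSTS.has(url.hostname)) {
    reasons.push(`host ${url.hostname} not on sign-in allow-list`);
  }
  return { verdict: reasons.length ? "block" : "allow", reasons };
}

// Constructed samples; .example is a reserved TLD.
const SAMPLES = [
  "https://accounts.google.com/v3/signin/identifier",
  "http://accounts.google.com/signin",
  "https://accounts.google.com@login.example/signin",
  "https://accounts.google.com.ads-login.example/signin",
  "https://accounts.g\u043e\u043egle.com/signin",
];

function auditSamples() {
  return SAMPLES.map((u) => ({ url: u, ...checkSignInPage(u) }));
}

console.log(auditSamples());
```

Only the first sample is allowed; each of the others is blocked with the reason that applies to it.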

