A global ad fraud campaign based on Google Ads has made millions

Fraud
Image Credit: Shutterstock (Image credit: Gustavo Frazao / Shutterstock)

Scammers have used the traffic from an adult website to generate clicks on Google Ad banners, netting them huge returns, experts have revealed.

Researchers from Malwarebytes, which first spotted the campaign, revealed how someone created an ad campaign on one of the major adult ad networks and used the “popunder” ad format. 

It’s essentially a pop-up, but it goes under the active browser window. That way, the ads displayed can only be seen after the user closes, or minimizes, the browser

"Clean" ads on adult sites

Then, they created a fake news website, whose content is scraped from other content sites. The articles published on this website include various tutorials, guides, and similar. Being “clean” (no adult content, gambling, or similar), the site was allowed to show ads from the Google Ads network. 

Then, they overlaid the site with an iframe showing content from the TXXX adult site. 

In other words, when a visitor from an adult site closes their browser, they’ll see a popunder advertising TXXX, which also seems legitimate, given the context. However, should the visitor try to click on any of the videos, they’ll actually be clicking on the ad and thus generate profit for the fraudsters. At the end of the day, visitors from adult websites will click on ads from the Google Ads network, which goes against Google’s advertising policy of no adult content whatsoever. 

Even if they don’t click on the ad, the simple fact that it loaded generates revenue for the fraudsters, as ad networks also pay out for ad impressions. That’s why the fake news site, and the ads on it, get refreshed every nine seconds.

Malwarebytes says popunders are quite cost-efficient, as the average cost per thousand impressions (CMP) can go as low as $0.05, and given that the traffic on adult sites is massive, the threat actor behind the scheme managed to generate a huge amount in profits.

Per Malwarebytes’ estimates, the campaign, which has now been terminated, generated 76 million ad impressions per month which, with a CPM of $3.50, brings profits up to $276,000 a month.

The threat actor's identity is unknown, but apparently, they're Russian. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
A padlock resting on a keyboard.
Understanding and avoiding malvertizing attacks
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
A close-up of an interent search bar with 'http://ww' visible
Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC