Malicious Google Ads campaign targets AWS users

AWS Re:Invent 2022 (Image credit: Daniel Hessel)

Researchers have spotted yet another malicious campaign that abuses Google Ads to steal people’s sensitive data - specifically Amazon Web Services (AWS) login credentials.

Experts from Sentinel Labs recently discovered a Google Ads campaign that advertised a malicious landing page that appeared near the top of the search engine's results for the cloud giant.

People who used Google to search for “aws” would see, ranked second, a malicious landing page that impersonated a vegan food blog.

Categorizing stolen data

Those heading to that site would then be presented with a fake AWS login page, and any information entered there would be stolen.

Furthermore, the site prompted the victims to select whether they were a root or IAM user, helping crooks categorize the stolen credentials based on utility and value.

The attackers also added a JavaScript function, disabling right clicks, middle mouse buttons, and keyboard shortcuts, the researchers added, speculating that the feature was included to discourage victims from easily navigating away from the landing page. 

Sentinel Labs discovered the campaign on January 30, 2023, and further investigation uncovered that the attackers were most likely Brazilian. 

The researchers reported the attack to Cloudflare, which shut down the malicious account, but BleepingComputer claims the ads on Google are still active. We weren’t able to independently verify if that is still the case, or if Google did its part in the meantime.

Cybercriminals constantly try to leverage Google’s ad network to deliver malware and steal people’s data. The search engine giant is generally perceived as trusted, making people less vigilant when clicking on search engine results. Last December, researchers from Malwarebytes spotted a campaign in which scammers used the traffic from an adult website to generate clicks on Google Ad banners, netting huge returns. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
