Fake Semrush Ads Aim To Pilfer Google Credentials

BleepingComputer reports that malicious Google ads impersonating widely-used online marketing platform Semrush have been leveraged by Brazilian threat actors to compromise Google account credentials as part of a new attack campaign.

Attackers have spread fraudulent Semrush ads on Google search that, when clicked, redirect to seemingly legitimate Semrush websites, potentially with target-filtering mechanisms, and force users to log in using their Google account, according to an analysis from Malwarebytes Labs researcher Jerome Segura and Senior SEO Strategist Elie Berreby.

Google login details entered on these pages are exfiltrated immediately, and the elevated prevalence of Semrush integration with Google could allow the compromise of other business information. While Google deserves credit for its immediate action to remove the nefarious ads, such schemes involving Google ads cannot be fully addressed unless the firm's decision-makers take them on, said Berreby.

"They are diligently doing their best at an individual level, but that's not enough, and frankly, that's not acceptable for a giant tech company like Google that uses the most advanced machine learning solutions," said Berreby.
