Microsoft Advertisers Account Hacked Using Malicious Google Ads

Cybersecurity experts have uncovered a sophisticated phishing campaign targeting Microsoft advertising accounts.

The attack, orchestrated through malicious Google Ads, aims to steal login credentials of users accessing Microsoft’s advertising platform.

This incident highlights the growing risk of malvertising, where cybercriminals exploit legitimate ad networks to deceive users.

How the Attack Works

The phishing campaign leverages sponsored Google search results for terms like “Microsoft Ads” and “Bing Ads.”

While Microsoft does purchase ad space on Google to attract advertisers, threat actors have inserted fake sponsored links mimicking legitimate Microsoft domains.

These malicious ads bypassed Google’s security protocols, directing unsuspecting users to fraudulent login pages.

Upon clicking the malicious ad, users are redirected through a complex network of cloaking techniques.

The attackers differentiate genuine users from bots or web crawlers, directing suspicious traffic to harmless “white pages.”

Real users, however, are funneled through a ...