Hackers have discovered a new way to hijack Google Ads, the platform that manages advertising on a website. Thanks to an unidentified bug, they manage to display porn sites or steal some personal data from users.
Google Ads is suffering from a security flaw whose origin is still unknown. For the record, Google Ads is the huge platform that lets you display and control the advertising shown on a website, while allowing the webmaster to manage their ad revenue.
A problem is currently affecting the platform, one that relates more precisely to one of the emails the platform sends. Yet this message seems perfectly legitimate.
Google Ads email is being hijacked to send spam
Like any account management platform, Google Ads lets a user add other people as administrators (with more or less extensive viewing and editing rights). The future administrator then receives an invitation by email from the address [email protected]. The email appears completely legitimate and gets through any antispam filter and any mail client.
However, hackers managed to hijack Google's message and send a fake email. This is where things get ugly. If the user clicks on one of the links in the email, they land on an adult site and/or on a website that collects all kinds of data about its visitors, without asking for their consent, of course.
While it is always possible to block this kind of mail via the antispam filter, it is really not the right solution. It can even be the worst one, since the email address that Google uses is legitimate. Once it is blocked, no more mail of this kind will reach the user, genuine invitations included.
Google is clearly aware of the issue and has already worked on a fix, without giving further explanation. “Regarding Google Ads, we have strict rules against misrepresentation and have taken appropriate measures,” explains a company spokesperson. “We encourage users to report messages when they receive emails containing spam to help us take appropriate action on accounts implicated in spam.”
Source: Bleeping Computer