""This operation, named for push notifications central to the scheme, generates invalid organic traffic from real mobile devices by tricking users into subscribing to enabling notifications that presented alarming messages.""
""The findings demonstrate how threat actors abuse AI to hijack trusted discovery surfaces and turn them into delivery vehicles for scareware, deepfakes, and financial fraud.""
""Once a user lands on one of the actor-controlled domains, they are coerced into enabling push notifications that deliver fake legal threats and scams.""
A novel ad fraud scheme, codenamed Pushpaganda, exploits SEO techniques and AI-generated content to infiltrate Google's Discover feed. It targets Android and Chrome users, tricking them into enabling browser notifications that lead to scareware and financial scams. The operation generates invalid organic traffic from real mobile devices, with about 240 million bid requests linked to 113 domains. Initially observed in India, the threat has expanded to regions including the U.S., Australia, and the U.K. Google has implemented a fix to combat this spam issue.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]