- Varonis discovered 1Campaign, a tool for hiding malicious Google ads
- Shows phishing/scam content to victims, blank pages to reviewers and scanners
- Offers analytics, visitor profiling, fraud assessment and large-scale brand theft
For three years, someone has been selling a tool that allows scammers to serve malicious Google ads that are only served to highly relevant targets.
Security researchers Varonis dubbed the service 1Campaign and, in a detailed report, described 1Campaign as a “cloaker,” through which malicious actors can show different content to different visitors.
While real victims see actual phishing or scam content, security researchers, ad platform reviewers, and automated scanners see a basic blank slate. “This allows fraudulent Google Ads campaigns to pass an initial review and remain active longer before being reported,” Varonis explained.
Launch advertising campaigns
But there’s more to 1Campaign than just hiding. The tool offers real-time analytics, visitor profiling, fraud scoring, and an option to block traffic from known security providers, data centers, and VPNs.
“Each visitor is assigned a fraud score from 0 to 100. Visitors from Microsoft Corporation, Google, Tencent Cloud Computing, OVH Hosting and other cloud providers are automatically flagged with high fraud scores and blocked,” the researchers explain.
Security scanners are identified through IP address ranges, ISPs and behavior patterns, meaning attackers can configure exactly who sees their malicious content and who can stare at a blank slate.
Developed by a hacker alias “DuppyMeister,” 1Campaign distributed traffic to the United States, Canada, the Netherlands, China, Germany, France, Japan, Hungary and Albania. The platform also comes with a Google Ads launcher tool through which miscreants can launch both malicious and harmless campaigns.
DuppyMeister claims this allows 1Campaign to bypass policy limitations and run ads “like anyone else.” This basically means that scammers can spoof any brand.
“This directly enables large-scale ad fraud, allowing attackers to impersonate legitimate brands and services in their Google Ads campaigns while avoiding automated policy enforcement,” the researchers concluded.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
