Malvertising Attack on Microsoft Ads Users Exposed

Image 1.0 Source: https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads

Cybersecurity is once again under the spotlight following the discovery of a malvertising campaign targeting Microsoft Ads users through fake Google ads. The campaign aims to direct victims to phishing pages designed to steal their login credentials.

In a report by Malwarebytes, senior director of research Jérôme Segura explained that the malicious ads appeared on Google Search, specifically targeting users searching for terms like "Microsoft Ads." These ads redirect victims to phishing pages resembling the legitimate Microsoft Ads login page, capturing user credentials and two-factor authentication (2FA) codes, thus giving attackers access to user accounts. Malwarebytes also discovered additional phishing infrastructure that has been active for several years, indicating an ongoing campaign.

Image 1.1 New fake Microsoft domain appearing in Google Ads

The Cyber Defense Insight team investigated remnants of the malvertising activity and identified a new website once again appearing in Google Ads. However, when accessed, the website displayed only a "404 Page Not Found" message rather than the expected login page similar to the one analyzed by Malwarebytes. This may indicate that the threat actors have not fully prepared the phishing site, possibly as a strategy to avoid early takedown by Google Ads. Nevertheless, the domain clearly impersonates Microsoft, which should have served as an early warning and kept it off Google Ads.

Image 1.2 Page not found

The investigation highlights that threat actors often delay full deployment of their phishing infrastructure to evade detection and maximize their attack window. The fake Microsoft domains, although inactive when accessed, pose a significant threat as they leverage trusted names to lure victims. This underscores the need for continuous monitoring and quick action against suspicious advertisements.

The Cyber Defense Insight team recommends stricter ad monitoring with automated flagging of suspicious domains, enhanced user education about threats, and collaboration between ad providers and security teams to accelerate the takedown process of malicious ads. By implementing these proactive measures, organizations can better safeguard against malvertising campaigns that exploit user trust in well-known brands and platforms.
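One way the automated flagging of suspicious domains recommended above could look, as an added example rather than tooling from Cyber Defense Insight or Malwarebytes. It judges the ad's destination hostname alone, so it still fires when the landing page only returns a 404. The allowlist, the sample URLs and all function names are assumptions, and it covers only digit swaps and single-character typos.

```python
import re
from urllib.parse import urlsplit

BRAND = "microsoft"
OFFICIAL = ("microsoft.com",)  # assumption: allowlist of the brand's real domains
DIGIT_FOLD = str.maketrans("01357", "oiest")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_official(host):
    # Exact match or a true subdomain; "microsoft.com.x.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def flag_reason(url):
    """Return why an ad destination looks like brand impersonation, or None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host or is_official(host):
        return None
    folded = host.translate(DIGIT_FOLD)
    if BRAND in re.sub(r"[.-]", "", folded):
        return "brand embedded in non-official host"
    for token in re.split(r"[.-]", folded):
        if edit_distance(token, BRAND) <= 1:
            return "near-miss spelling of brand"
    return None

# Constructed ad destinations (reserved .example names, not real indicators).
SAMPLE_ADS = [
    "https://ads.microsoft.com/",
    "https://ads-microsoft.example/login",
    "https://micr0soft-ads.example/",
    "https://microsoft.com.signin.example/",
    "https://micosoft-ads.example/",
    "https://shoes.example/sale",
]

def review(urls):
    """Map each flagged URL to the reason it was flagged."""
    return {u: r for u in urls if (r := flag_reason(u))}

if __name__ == "__main__":
    for url, reason in review(SAMPLE_ADS).items():
        print(f"FLAG {url}: {reason}")
```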
