Hackers have discovered a new way to hijack Google Ads, the platform that manages advertising on a website. Thanks to an unidentified flaw, they manage to display porn sites or steal some personal data from users.
Google Ads suffers from a security breach origin still unknown. For the record, Google Ads is the immense platform which makes it possible to display and control the advertising which is displayed on a site, while then offering the Webmaster the possibility of managing its advertising revenues.
But a problem currently affects the platform, a problem which concerns more precisely one of the emails sent by the platform. However, this message seems perfectly legitimate.
Read also: Google – hackers use Google Ads to spread their malware, beware of fake software
Google Ads email gets hijacked to send spam
Like any account administration platform, Google Ads offers a user the ability to add other people as an administrator (with more or less viewing and editing rights). The future administrator thus receives an invitation by email from the address [email protected]. The mail sent seems completely legitimate and passes between the mails of the net of any antispam filter, any mail client.
However, hackers managed to hijack Google’s message and send a fake email. This is where things get ugly. If the user clicks on one of the links in the email, he finds himself on an adult site and/or on a site that collects all kinds of data about its visitorswithout asking their consent, of course.
If it is always possible to block via the antispam filter this kind of mail, it is really not the right solution to adopt. It may even be the worst, since the e-mail address used by Google is legitimate. From then on, no more mail of this kind will reach the user.
Google is obviously aware of the problem and has already worked on a solution, without further explanation. “Regarding Google Ads, we have strict rules against misrepresentation and have taken appropriate measures,” explains a spokesperson for the company. “We encourage users to report messages when they receive emails containing spam, to help us take appropriate action on accounts implicated in spam.”
Source: Bleeping Computer