Malvertising Scam Targets Microsoft Advertisers

A Sophisticated Phishing Campaign

By Ravie Lakshmanan, February 1, 2025

Malicious Ads on Google Search

Cybersecurity researchers have discovered a sophisticated malvertising campaign that targets Microsoft advertisers with bogus Google ads, aiming to take them to phishing pages capable of harvesting their credentials.

Bypassing iMessage’s Phishing Protection

These malicious ads appear on Google Search and cleverly attempt to bypass a safety measure in iMessage that prevents links from being clickable unless the message is from a known sender or from an account to which a user replies. This is accomplished by including a "Please reply to Y" or "Please reply to 1" message in a bid to turn off iMessage’s built-in phishing protection.
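The reply-bait pattern described above can be caught at a message-filtering layer. The following is an added example, not code from the article or from the researchers quoted in it. The `Message` fields, the `triage` function and its `allow`/`review`/`block` verdicts are hypothetical names, and the sample messages are constructed.

```python
import re
from dataclasses import dataclass

# A link: explicit scheme, "www." prefix, or a bare domain followed by a path.
URL_RE = re.compile(
    r"\b(?:https?://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)+/\S*", re.I)

# An instruction to answer with a one-token reply such as "Y", "yes" or "1",
# e.g. "Please reply to Y" or "reply with 1". The lookahead rejects ordinary
# phrases like "reply to your carrier" or "reply to 10 people".
REPLY_RE = re.compile(
    r"\breply\s+(?:to\s+|with\s+)?['\"]?(?:y|yes|1)['\"]?(?![A-Za-z0-9])", re.I)


@dataclass
class Message:
    sender: str
    sender_known: bool  # assumption: True if in contacts or previously replied to
    body: str


def triage(msg: Message) -> str:
    """Return 'block', 'review' or 'allow' for one inbound message."""
    if msg.sender_known:
        return "allow"
    has_link = bool(URL_RE.search(msg.body))
    asks_reply = bool(REPLY_RE.search(msg.body))
    if has_link and asks_reply:
        # Unknown sender asks for a reply so that its link becomes clickable.
        return "block"
    if has_link:
        return "review"
    return "allow"


# Constructed sample messages (not taken from any real campaign).
SAMPLES = [
    Message("+10000000001", False,
            "Your parcel is on hold: https://example.invalid/track Please reply to Y"),
    Message("+10000000002", False, "Invoice ready at https://example.invalid/inv"),
    Message("+10000000003", False, "Please reply to your carrier about the delay"),
    Message("Alice", True, "Reply 1 if you want this: https://example.invalid/menu"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(f"{triage(m):6} {m.sender}: {m.body}")
```

The `sender_known` flag mirrors the condition the paragraph describes: links stay inert unless the sender is known or the user has replied.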

Association with Darcula Phishing Network

It’s worth noting that this approach has been previously associated with a phishing-as-a-service (PhaaS) toolkit named Darcula, which has been used to extensively target postal services like USPS and other established organizations in more than 100 countries.

The Attack’s Success

"The scammers have constructed this attack relatively well, which is probably why it’s being seen so often in the wild," Huntress researcher Truman Kain said. "The simple truth is it’s working."

Conclusion

The malvertising scam is a sophisticated phishing campaign that targets Microsoft advertisers with bogus Google ads, aiming to harvest their credentials. The attack’s success can be attributed to its clever attempt to bypass iMessage’s phishing protection and its association with the Darcula phishing network.
