Advertising - Cyber Security Informer

Banning Surveillance-Based Advertising

Schneier on Security

JUNE 24, 2021

The Norwegian Consumer Council just published a fantastic new report: “ Time to Ban Surveillance-Based Advertising. Banning surveillance-based advertising in general will force structural changes to the advertising industry and alleviate a number of significant harms to consumers and to society at large. Press release.

Advertising

Advertising Surveillance Media Technology

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Fuel for other malware and scam campaigns Indicators of Compromise Overview Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials ironically via fraudulent Google ads. This earned Google a whopping $175 billion in search-based ad revenues in 2023.

Advertising

Advertising Accountability Phishing Scams

Apps That Are Spying on Your Location

Schneier on Security

JANUARY 10, 2025

Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users and even app developers knowledge.

Data collection

Data collection Advertising Media Hacking

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

. “The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations,” the DOJ explained.

Phishing

Phishing Cybercrime Advertising Malware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums. ” According to Intel 471, this same Discord account was advertised in 2019 by a person on the cybercrime forum Cracked who used the monikers “ ORN ” and “ ori0n.” 2023 on the forum Cracked. .”

Hacking

Hacking Cybercrime Advertising Data breaches

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

The Hacker News

JANUARY 31, 2025

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.

Advertising

Advertising Scams Accountability Phishing

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay , a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals.

Retail

Retail Advertising Cryptocurrency Marketing

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies , could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. Full disclosure: Wiz is currently an advertiser on this website.] This story will be updated with any substantive replies.

Risk

Risk Artificial Intelligence Mobile Encryption

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Krebs on Security

MAY 7, 2025

com were paid for by the same account advertising a number of scam websites selling logo and web design services. Those website names were then fed into spyfu.com , a competitive intelligence company that tracks the reach and performance of advertising keywords. The Google ads promoting quranmasteronline[.]com

Scams

Scams Marketing Advertising Technology

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

The original October 31 post from abyss0, where they advertise the sale of data from several large banks that are customers of a large financial software company. A review of abyss0’s posts to BreachForums reveals this user has offered to sell databases stolen in several dozen other breaches advertised over the past six months.

Data breaches

Data breaches Banking Cybercrime Advertising

SYS01 Infostealer Campaign Exploits Meta Ads to Target Millions Worldwide

Penetration Testing

NOVEMBER 2, 2024

In a world increasingly dependent on online advertising, cybercriminals have seized an opportunity to exploit Meta’s vast advertising ecosystem.

Advertising

Advertising Cybersecurity Malware

South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

The Hacker News

NOVEMBER 5, 2024

million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent. Meta has been fined 21.62 billion won ($15.67

Advertising

Advertising Data privacy

DeepSeek users targeted with fake sponsored Google ads that deliver malware

Malwarebytes

MARCH 26, 2025

In this case, they certainly put a lot more effort into creating the fake website which the advertisement linked to: Its different from the real website, but it looks convincing, nonetheless. The advertisers name is not in Chinese characters by the way. The language in which the advertiser’s name is written is Hebrew: .

Artificial Intelligence

Artificial Intelligence Advertising Malware Risk

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Schneier on Security

JANUARY 18, 2022

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” ” rhetoric we’re seeing in this current wave of the crypto wars.

Encryption

Encryption Government Advertising Marketing

Repeat offenders drive bulk of tech support scams via Google Ads

Malwarebytes

DECEMBER 3, 2024

We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year. For instance, one advertiser had over 30 reported incidents in the past 3 months. It’s unclear why Google has not taken definitive action on the advertiser profiles we have reported.

Scams

Scams Advertising Accountability Engineering

Scammers advertise fake AppleCare+ service via GitHub repos

Malwarebytes

SEPTEMBER 12, 2024

We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub , the developer and code repository platform owned by Microsoft.

Advertising

Advertising Scams Social Engineering Banking

Google now allows digital fingerprinting of its users

Malwarebytes

FEBRUARY 19, 2025

For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams. But it’s not been straight forward for Google. What can I do?

Advertising

Advertising VPN Internet Internet

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

The Hacker News

APRIL 16, 2025

million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. Google on Wednesday revealed that it suspended over 39.2 In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3

Advertising

Advertising Accountability

Using Fake Student Accounts to Shill Brands

Schneier on Security

NOVEMBER 3, 2021

Scammers are using that prestigious domain name to shill brands : Basically, it appears that anyone with $300 to spare can – or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention (..)

Accountability

Accountability Advertising Scams

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

The 122 services targeted in Sanders’ research include some of the more prominent businesses advertising on the cybercrime forums today, such as: -abuse-friendly or “bulletproof” hosting providers like anonvm[.]wtf, wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

The Hacker News

MAY 12, 2025

Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms often advertised via legitimate-looking Facebook groups and viral social media campaigns,"

Artificial Intelligence

Artificial Intelligence Malware Advertising Media

Android devices track you before you even sign in

Malwarebytes

MARCH 12, 2025

As the company behind the Android Operating System (OS), the Google Play Store, the most popular search engine in the world, and part of the leading company in digital advertising (Alphabet), Google has obtained a position where it would be hard not to profit from. Ever considered not telling them who I am?

Advertising

Advertising Accountability Marketing Engineering

Surveillance by the New Microsoft Outlook App

Schneier on Security

APRIL 4, 2024

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users.

Surveillance

Surveillance Advertising Data collection

GhostGPT: A Malicious AI Chatbot for Hackers

Security Boulevard

JANUARY 24, 2025

A malicious generative AI chatbot dubbed "GhostGPT" is being advertised to cybercriminals on underground forums as a tool for more quickly and efficiently creating malware, running BEC attacks, and other nefarious activities, lowering the barrier for less-skilled hackers to launch attacks.

Advertising

Advertising Malware Social Engineering Security Awareness

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.

Advertising

Advertising Cybercrime System Administration Hacking

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

Until recently, AT&T also shared CPNI data with Xandr , whose privacy policy in turn explains that it shares data with hundreds of other advertising firms. EPIC says T-Mobile customer data sold to third parties uses another unique identifier called mobile advertising IDs or “ MAIDs.”

Mobile

Mobile Wireless Advertising Accountability

Everything You Need to Know about the Malvertising Cybersecurity Threat

Tech Republic Security

OCTOBER 29, 2024

Malvertising is a shortened mash-up of “malicious advertising.” These malicious ads are difficult to detect, and are served to internet users using legitimate advertising networks and publishing platforms, such as the Google Search Network.

Advertising

Advertising Cybersecurity Internet Internet

No, I Won't Link to Your Spammy Article

Troy Hunt

APRIL 6, 2020

Keep reading the definition until you understand then proceed: Spamming is the use of messaging systems to send an unsolicited message, especially advertising Alrighty, so it's an unsolicited message (I certainly didn't ask for it) and it's intended to advertise your work.

Advertising

Advertising Internet Internet VPN

AI and the Evolution of Social Media

Schneier on Security

MARCH 19, 2024

1: Advertising The role advertising plays in the internet arose more by accident than anything else. Advertising was the obvious business model, if never the best one. Big Tech needs something to persuade advertisers to keep spending on their platforms. In both cases, the solution lies in limits on the technology’s use.

Media

Media Advertising Surveillance Artificial Intelligence

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malicious code was advertised on cybercrime forums for $3,000 per month. The malware can collect cookies, logins and browsing history, but from Safari only cookies can be collected.

Malware

Malware Advertising Antivirus Cybercrime

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Krebs on Security

FEBRUARY 1, 2021

SMS Bandits also provided their own “bulletproof hosting” service advertised as a platform that supported “freedom of speach” [sic] where customers could “host any content without restriction.” agency advertises a service designed to help intercept one-time passwords needed to log in to various websites.

Phishing

Phishing Telecommunications Advertising Mobile

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. The HeartSender group advertised its tools as fully undetectable by antispam software. These tools are essential components to build and run fraud operations.

Cybercrime

Cybercrime Advertising Phishing Hacking

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Malwarebytes

NOVEMBER 1, 2024

SEO poisoning is a technique employed by cybercriminals to manipulate search engine results, making harmful websites or advertisements appear at the top of search results. Did the advertisement you clicked on take you to the expected web shop? So, what can consumers do to stay safe?

Phishing

Phishing Advertising Engineering Risk

“Privacy Nutrition Labels” in Apple’s App Store

Schneier on Security

NOVEMBER 12, 2020

Apple will start requiring standardized privacy labels for apps in its app store, starting in December: Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s (..)

Advertising

Advertising Marketing Accountability Software

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

For example, a Google search earlier this week for the free graphic design program FreeCAD produced the following result, which shows that a “Sponsored” ad at the top of the search results is advertising the software available from freecad-us[.]org. million advertiser accounts. Google says it removed 5.2

Software

Software Advertising Malware Accountability

Android App Infects Up To 10 Million Users with Update

Adam Levin

FEBRUARY 8, 2021

A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. may also allow a bad player to place invasive data tracking on your device as well as annoying advertising. Barcode Scanner is an app available in the Google Play store for Android devices.

Mobile

Mobile Advertising Malware Risk

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

FEBRUARY 17, 2020

” “Next an ad serving limit will be placed on your publisher account and all the revenue will be refunded to advertisers. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate.

Scams

Scams Advertising Accountability Web Fraud

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

was originally advertised on the public Russian-language hacking forum Antichat by a venerated user in that community who goes by the alias “ Isis.” ” A Google Translate version of that advertisement is here (PDF). Isis’ profile on antichat. ru — wasn’t working at the time.

Accountability

Accountability Advertising Hacking Cybercrime

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

A service advertised on the English-language crime community BreachForums in October courts phishers who may need help with certain aspects of their phishing campaigns targeting booking.com partners. One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

This week, messaging security vendor Proofpoint published some new data on the rise of these malicious Office 365 apps, noting that a high percentage of Office users will fall for this scheme [full disclosure: Proofpoint is an advertiser on this website]. A cybercriminal service advertising the sale of access to hacked Office365 accounts.

Accountability

Accountability Advertising Passwords Phishing

Malicious Barcode Scanner App

Schneier on Security

FEBRUARY 16, 2021

Users began noticing something weird going on with their phones: their default browsers kept getting hijacked and redirected to random advertisements, seemingly out of nowhere. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back to the app. That’s not the case here.

Advertising

Advertising Malware

Patch now! New Chrome update for two critical vulnerabilities

Malwarebytes

OCTOBER 30, 2024

That means that a victim’s device could be compromised just by visiting a malicious website or advertisement. This vulnerability, tracked as CVE-2024-10487 , can be used by cybercriminals as a drive-by download. The vulnerability was found in Dawn, an open source and cross-platform implementation of the WebGPU -standard.

Spyware

Spyware Architecture Advertising Engineering

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

The tech giant may have used this data for targeted advertising, according to Blue Shield, which is one of the largest health insurers in the US. In this case, a simple misconfiguration shared data with an entitythat already knows so much about usthat then used the information for targeted advertising.

Insurance

Insurance Data breaches Passwords Phishing

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST. The bulletproof hosting provider BEARHOST. This screenshot has been machine-translated from Russian.

Malware

Malware Antivirus Software DDOS

Banning Surveillance-Based Advertising

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Trending Sources

Apps That Are Spying on Your Location

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

An Interview With the Target & Home Depot Hacker

Experts Flag Security, Privacy Risks in DeepSeek AI App

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Fintech Giant Finastra Investigating Data Breach

SYS01 Infostealer Campaign Exploits Meta Ads to Target Millions Worldwide

South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

DeepSeek users targeted with fake sponsored Google ads that deliver malware

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Repeat offenders drive bulk of tech support scams via Google Ads

Scammers advertise fake AppleCare+ service via GitHub repos

Google now allows digital fingerprinting of its users

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Using Fake Student Accounts to Shill Brands

How Cryptocurrency Turns to Cash in Russian Banks

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Android devices track you before you even sign in

Surveillance by the New Microsoft Outlook App

GhostGPT: A Malicious AI Chatbot for Hackers

Meet the Administrators of the RSOCKS Proxy Botnet

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Everything You Need to Know about the Malvertising Cybersecurity Threat

No, I Won't Link to Your Spammy Article

AI and the Evolution of Social Media

Banshee macOS stealer supports new evasion mechanisms

U.K. Arrest in ‘SMS Bandits’ Phishing Service

Law enforcement seized the domains of HeartSender cybercrime marketplaces

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

“Privacy Nutrition Labels” in Apple’s App Store

Using Google Search to Find Software Can Be Risky

Android App Infects Up To 10 Million Users with Update

Pay Up, Or We’ll Make Google Ban Your Ads

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Booking.com Phishers May Leave You With Reservations

Malicious Office 365 Apps Are the Ultimate Insiders

Malicious Barcode Scanner App

Patch now! New Chrome update for two critical vulnerabilities

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Stay Connected