Security researchers at Malwarebytes have uncovered a malvertising campaign targeting Microsoft advertisers through deceptive Google ads. The campaign directs users to sophisticated phishing pages designed to steal login credentials and two-factor authentication codes.

The attack specifically targets users searching for “Microsoft Ads” on Google Search, presenting malicious sponsored ads in search results. The cybercriminals employ various evasion techniques, including:

– VPN traffic redirection to fake marketing websites
– Cloudflare challenges to filter out bots
– Rickroll redirects for direct landing page visits

The phishing infrastructure, primarily hosted in Brazil, creates convincing replicas of Microsoft’s advertising platform. Evidence suggests the campaign has been active for several years and may have targeted other platforms like Meta.

In a parallel development, researchers identified a sophisticated SMS phishing campaign impersonating USPS. The operation uses:

– Fake package delivery notifications
– Malicious PDF files with concealed links
– Phishing pages collecting personal and payment information
– Advanced encryption for stolen data transmission

The campaign has deployed over 20 malicious PDFs and 630 phishing pages, indicating a large-scale operation. The attackers utilize iMessage vulnerabilities and sophisticated social engineering tactics to bypass security measures.

Google has stated it actively prohibits such deceptive ads and suspends accounts engaging in these practices. The company continues to implement countermeasures against these threats.