"Malicious Google Ads Sneak AWS Phishing Sites Into Search Results"

A new phishing campaign is targeting Amazon Web Services (AWS) logins. The campaign abuses Google Ads to place phishing sites in Google Search results in order to steal login information. Sentinel Labs discovered the campaign on January 30, 2023, when its analysts observed malicious search results. In searches for "aws," the malicious ads ranked second, just behind Amazon's own sponsored search result. Initially, the threat actors linked the ads directly to a phishing page. In a later phase, they added a redirection step, presumably to avoid detection by Google's ad fraud detection tools. The malicious Google ads lead the user to an attacker-controlled site that replicates a legitimate vegan food blog. The site uses 'window.location.replace' to redirect the user to a new domain hosting a fake AWS login page designed to look real. The victim selects whether they are a root or IAM user and is then prompted to enter their email address and password. The root-or-IAM selection enables the threat actors to classify the stolen data. This article continues to discuss the new phishing campaign targeting AWS logins.
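A triage check for the redirect hop described above, as an added example that is not from the original article: it flags landing-page scripts that send the browser to a different host. The URLs and HTML are constructed samples, the function name is hypothetical, and hosts are compared exactly rather than by registrable domain.

```python
import re
from urllib.parse import urljoin, urlsplit

# Matches location.replace("...") / location.assign("...") and
# location[.href] = "..." where the target is a string literal.
REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location
        (?:\.(?:replace|assign)\s*\(\s*|(?:\.href)?\s*=\s*)
        (["'])(?P<target>[^"']+)\1""",
    re.VERBOSE,
)
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)


def script_redirects(page_url, html):
    """Return script-driven redirect targets that leave page_url's host."""
    page_host = urlsplit(page_url).hostname
    findings = []
    for body in SCRIPT_RE.findall(html):
        for match in REDIRECT_RE.finditer(body):
            # Resolve relative targets against the page before comparing hosts.
            target = urljoin(page_url, match.group("target"))
            host = urlsplit(target).hostname
            if host and host != page_host:
                findings.append(target)
    return findings


# Constructed sample: a blog-like landing page that hops to another host,
# plus a same-site navigation that must not be flagged.
SAMPLE_URL = "https://food-blog.example/recipes"
SAMPLE_HTML = """<html><head><title>Recipes</title>
<script>window.location.replace("https://signin.login-portal.example/");</script>
</head><body><script>location.href = "/about";</script></body></html>"""

if __name__ == "__main__":
    for hit in script_redirects(SAMPLE_URL, SAMPLE_HTML):
        print("cross-host script redirect:", hit)
```

A hit is only a lead for review: legitimate sites also redirect across hosts, and obfuscated or dynamically built targets will not match a literal-string pattern.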

Bleeping Computer reports "Malicious Google Ads Sneak AWS Phishing Sites Into Search Results"
