Google Account Hijackers Target Victims Via Semrush Ads

Summary:
Security researchers have issued a warning about a new malvertising campaign that exploits fake Google ads for Semrush, an SEO and marketing platform widely used by businesses, to harvest victims' Google account credentials and sensitive data. According to Malwarebytes, the threat actors behind the campaign are buying Google Search ads that impersonate Semrush, drawing unsuspecting users to a counterfeit Semrush login page. Notably, the fraudulent page offers only a "Log in with Google" option, so users who proceed hand their Google credentials directly to the attackers rather than a Semrush password.

This is especially concerning because many Semrush users link their accounts to high-value Google services such as Google Analytics and Google Search Console, both of which hold sensitive business data. Once an account is compromised, the attackers gain detailed insight into a company's website performance, traffic sources, user behavior, and strategic marketing efforts. In addition to the Google data, the attackers can extract personal and financial information stored in the victim's Semrush account, including full names, business details, phone numbers, e-mail addresses, postal addresses, and even the last four digits of stored Visa cards.

Security Officer Comments:
Malwarebytes warns that this data can be used for identity theft or social engineering attacks, such as impersonating the business to deceive vendors or partners into making payments to fraudulent accounts. The attackers may also use partial credit card data to launch follow-up scams. For example, posing as Semrush support, they could reference a legitimate-sounding billing issue to trick users into revealing full payment details, heightening the potential financial damage.

Suggested Corrections:
Recommendations include restricting which users and third-party integrations can access linked Google Analytics and Search Console properties, enabling two-factor authentication on both Google and Semrush accounts, using an ad blocker so that sponsored search results are not shown, and checking the address bar for the genuine domain before entering login information (a Google sign-in prompt should itself be served from accounts.google.com, never from a third-party site). Organizations should also monitor for suspicious ad placements targeting their brand and educate staff on identifying phishing and impersonation schemes.
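As an added example (not from the article or from Malwarebytes), the following Python triage routine shows what "verifying the URL" means in practice: it parses a login-page URL and classifies it as trusted, lookalike, or unknown, catching the common impersonation tricks (a brand name in a subdomain or in the userinfo part before "@", a non-ASCII or punycode homoglyph host, and a plain-http downgrade). The trusted domain list and every sample URL are assumptions constructed for illustration, not real campaign indicators.

```python
"""Classify login-page URLs that may impersonate a brand.

Added example, not part of the original article. TRUSTED_DOMAINS and the
SAMPLE_URLS are assumptions constructed for illustration only.
"""
from urllib.parse import urlparse

# Assumed legitimate registrable domains for the services involved.
TRUSTED_DOMAINS = {"semrush.com", "google.com"}
# Brand strings whose presence in an untrusted authority part is a red flag.
BRAND_TOKENS = ("semrush", "google")


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname.

    Adequate for .com-style names; a production check should consult the
    Public Suffix List so that e.g. co.uk is handled correctly.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_login_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a login-page URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "unknown"
    labels = host.split(".")
    # Non-ASCII or punycode labels: a possible homoglyph of a brand domain.
    if any(ord(c) > 127 for c in host) or any(l.startswith("xn--") for l in labels):
        return "lookalike"
    # Only an https URL whose registrable domain is allowlisted is trusted;
    # a plain-http URL on the real domain falls through and is flagged.
    if parsed.scheme == "https" and registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    # Brand name anywhere in the authority part, including userinfo such as
    # "semrush.com@evil.example", but not on the real domain: impersonation.
    if any(tok in parsed.netloc.lower() for tok in BRAND_TOKENS):
        return "lookalike"
    return "unknown"


# Constructed sample URLs (assumptions for this example, not real indicators).
SAMPLE_URLS = [
    "https://www.semrush.com/login/",
    "https://accounts.google.com/signin",
    "https://semrush-login.example/",
    "https://semrush.com.evil.example/google",
    "https://semrush.com@evil.example/",
    "https://s\u0435mrush.com/",  # Cyrillic 'е' (U+0435) in place of Latin 'e'
    "http://www.semrush.com/login",  # real domain but no TLS: flagged
    "https://example.org/",
]


def triage(urls=SAMPLE_URLS) -> dict:
    """Map each URL to its verdict; the caller decides what to block."""
    return {u: classify_login_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage().items():
        print(f"{verdict:10} {url}")
```

The userinfo case is the one most browsers hide from users: the visible string begins with the genuine brand domain, but the host that actually serves the page is whatever follows the "@". Checking `parsed.netloc` rather than only `parsed.hostname` is what catches it.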


Link(s):
https://www.infosecurity-magazine.com/news/google-hijackers-target-victims/