A sophisticated cyber operation called Pushpaganda is redefining how attackers exploit online platforms. By combining artificial intelligence with search engine manipulation, threat actors are pushing malicious content into Google Discover feeds and using it as a gateway for scams and ad fraud.
Discovered by HUMAN’s Satori team, the campaign targets mobile users by leveraging trust in curated content. Instead of deploying malware directly, attackers influence what users see.
They achieve this by creating AI-generated articles designed to look like real news. These articles are optimized for search visibility, allowing them to appear in Discover feeds.
Once users click on these links, they are redirected to attacker-controlled websites. These pages attempt to convince users to enable browser notifications, which becomes the primary attack vector.
After permissions are granted, users receive a stream of deceptive alerts designed to create urgency. Clicking on these alerts leads to additional malicious domains, enabling attackers to generate revenue through ads or scams.
The campaign has reached massive scale, with hundreds of millions of bid requests observed. Its rapid expansion highlights how automation is transforming cybercrime.
To counter such threats, organizations must adopt proactive security strategies. IntelligenceX plays a crucial role by offering threat intelligence, infrastructure analysis, and vulnerability assessments.
Using IntelligenceX, organizations can detect malicious domains, analyze attacker behavior, and reduce exposure to such campaigns. Its services also support compliance and risk management, which are critical in today’s evolving threat landscape.
Pushpaganda is a clear example of how attackers are shifting from technical exploits to trust-based manipulation.
Top comments (0)