Cybercriminals are increasingly shifting their tactics toward exploiting trusted digital ecosystems rather than relying solely on traditional malware or phishing techniques. A recent campaign known as “Pushpaganda” demonstrates this evolution by combining artificial intelligence with search engine manipulation to infiltrate Google Discover and redirect users into fraudulent environments.
The campaign, identified by HUMAN’s Satori Threat Intelligence team, focuses primarily on Android and Chrome users. Instead of directly attacking devices, it manipulates content visibility. Attackers generate large volumes of AI-written articles that appear legitimate and relevant, allowing them to bypass initial suspicion.
These articles are optimized using SEO poisoning strategies so they surface in Google Discover feeds. Because Discover is designed to deliver personalized and trusted content, users are more likely to engage with these links.
Once a user clicks on one of these articles, they are taken to a website controlled by the attackers. These pages initially appear harmless but quickly attempt to convince users to enable browser notifications. This step gives attackers a persistent channel to the user’s device through push notifications.
After notification permissions are granted, users begin receiving misleading alerts. These notifications often mimic urgent warnings such as security threats or legal notices, encouraging users to click without hesitation. Each interaction redirects users to additional malicious websites, forming a continuous loop of traffic generation.
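A defender's view of the notification step, as an added example that is not from the original article or from HUMAN's research: this Python sketch lists which origins hold notification permission in a Chrome profile and flags those outside an approved set. The Preferences layout it reads (`profile.content_settings.exceptions.notifications`, `setting` 1 for allow, `last_modified` in microseconds since 1601) is an assumption based on Chrome's observed on-disk format, and the domains and timestamps are constructed sample data.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

ALLOW = 1  # assumed Chrome content-setting value for "allow" (2 is "block")

# Constructed sample: the notification slice of a Chrome profile Preferences file.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://mail.example.com:443,*":     {"setting": 1, "last_modified": "13350000000000000"},
  "https://daily-alerts.example:443,*": {"setting": 1, "last_modified": "13360000000000000"},
  "https://blocked-site.example:443,*": {"setting": 2, "last_modified": "13355000000000000"}
}}}}}
""")

def chrome_time(value):
    """Convert a microseconds-since-1601 timestamp string to a UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(value))

def notification_grants(prefs):
    """Return (host, granted_at) for every allowed origin, newest grant first."""
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, entry in entries.items():
        if entry.get("setting") != ALLOW:
            continue
        primary = pattern.split(",", 1)[0]  # key is a "primary,secondary" pattern pair
        try:
            host = urlsplit(primary).hostname or primary
        except ValueError:                  # unparseable pattern: keep it verbatim
            host = primary
        grants.append((host, chrome_time(entry.get("last_modified", "0"))))
    return sorted(grants, key=lambda g: g[1], reverse=True)

def unexpected_grants(prefs, approved_domains):
    """Grants whose host is neither an approved domain nor a subdomain of one."""
    def approved(host):
        return any(host == d or host.endswith("." + d) for d in approved_domains)
    return [g for g in notification_grants(prefs) if not approved(g[0])]

if __name__ == "__main__":
    for host, when in unexpected_grants(SAMPLE_PREFS, {"example.com"}):
        print(f"review: {host} granted notifications on {when:%Y-%m-%d}")
```

Sorting by grant time puts the most recent permissions first, which helps when lining a grant up against the time a user reports first seeing the alerts.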
At scale, this campaign is highly effective. Researchers observed nearly 240 million bid requests linked to over 100 domains in a short period. While it initially targeted India, it has expanded globally.
The use of AI allows attackers to produce content rapidly and adapt to trending topics, making detection increasingly difficult. Google has implemented countermeasures, but the campaign highlights a broader issue: attackers are now exploiting trust rather than just vulnerabilities.
Organizations need proactive defense strategies to combat such threats. Platforms like IntelligenceX provide capabilities such as infrastructure monitoring, vulnerability assessments, and threat detection, helping organizations identify malicious domains and suspicious patterns early.
By leveraging IntelligenceX, security teams can gain visibility into attacker infrastructure and respond before campaigns scale further. Additionally, its compliance and risk management capabilities help organizations strengthen their overall security posture.
Pushpaganda demonstrates that modern cyber threats are becoming more subtle and scalable. Continuous monitoring and intelligence-driven defense are now essential.