Fake Semrush ads used to steal SEO professionals’ Google accounts

A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. Malwarebytes researcher Jerome Segura and SEO strategist Elie Berreby believe that the threat actor is after Google Ads accounts that would enable them to create new malvertising campaigns. This type of “cascading fraud” has been gaining traction recently, as Malwarebytes uncovered in January a similar operation where fake Google Ads hosted on Google Sites targeted Google Ads accounts. “We believe the criminals behind it likely regrouped and switched to a less direct approach, yet one that might deliver just as much,” explains Malwarebytes. In this latest case, the cybercriminals abuse the Semrush brand, a popular software-as-a-service (SaaS) platform used for SEO, online advertising, content marketing, and competitive research. Malicious search results Source: Malwarebytes Semrush is widely used by digital marketers, advertisers, e-commerc ... Read full article.