Cyber: 1Campaign Platform Helps Malicious Google Ads Evade Detection
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers.
1Campaign is a cloaking service that passes Google’s screening process and shows malicious content only to real potential victims. Security researchers and automated scanners are served benign white pages.
The operation has been active for at least three years and is managed by a developer using the name ‘DuppyMeister,’ according to a report from data security company Varonis.
“The tool passes Google's screening, filters out security researchers, and keeps phishing and crypto drainer pages online for as long as possible, funneling real users to attacker-controlled sites,” the researchers say.
1Campaign provides “customers” with a user-friendly dashboard where they can get an overview of their operations and set the parameters for their campaigns.
The platform can filter visitors in real time, directing traffic to landing pages based on predefined criteria, including geography, internet service provider (ISP), and device characteristics.
The researchers say that this targeted approach allows attackers to concentrate on users in regions where the phishing lure is relevant, while filtering out traffic from countries with a higher likelihood of security scrutiny or scanning activity.
In one instance, Varonis observed aggressive filtering that blocked 99.4% of the 1,676 visitors who clicked on the malicious ads. Only 0.6% of visitors, 10 in total, were actually shown the malicious landing page.
The system evaluates each visitor and assigns a fraud risk score between 0 and 100. The score reflects the likelihood that the visitor is not a genuine target, and is derived from infrastructure details such as whether the connection originates from a cloud provider, a data center, a VPN, or a security vendor.
"Visitors from Microsoft Corporation, Google, Tencent Cloud Computing, OVH Hosting, and other cloud providers are automatically flagged with high fraud scores and blocked," Varonis says in a report today.
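The filtering described above implies a practical defender-side check: fetch the same ad landing URL from a cloud-hosted scanner and from a residential connection, then compare where each request ended up and what it was served. The script below is an added example, not code from the Varonis report or BleepingComputer; the two observations are constructed sample responses and the hostnames are placeholders.

```python
import difflib
from urllib.parse import urlparse

# Constructed sample observations of one ad landing URL fetched from two
# vantage points. These are made-up responses, not data from the report.
OBSERVATIONS = [
    {
        "vantage": "cloud-scanner",          # egress from a hosting provider
        "final_url": "https://ad-landing.example/",
        "status": 200,
        "body": "<html><title>Acme Tools</title><body>Welcome to Acme Tools. "
                "Contact us for a quote.</body></html>",
    },
    {
        "vantage": "residential-browser",    # egress from a consumer ISP
        "final_url": "https://login-verify.example/wallet",
        "status": 200,
        "body": "<html><title>Verify your wallet</title><body>Connect your "
                "wallet to continue. Enter your seed phrase.</body></html>",
    },
]

def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] describing how alike two response bodies are."""
    return difflib.SequenceMatcher(None, a, b).ratio()

def detect_cloaking(observations, min_similarity=0.6):
    """Compare every pair of vantage points and flag a pair whose final
    host differs or whose body similarity falls below the threshold."""
    findings = []
    for i, a in enumerate(observations):
        for b in observations[i + 1:]:
            host_a = urlparse(a["final_url"]).hostname
            host_b = urlparse(b["final_url"]).hostname
            sim = similarity(a["body"], b["body"])
            reasons = []
            if host_a != host_b:
                reasons.append(f"final host differs: {host_a} vs {host_b}")
            if sim < min_similarity:
                reasons.append(f"body similarity {sim:.2f} below {min_similarity}")
            if reasons:
                findings.append({"vantages": (a["vantage"], b["vantage"]),
                                 "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in detect_cloaking(OBSERVATIONS):
        print(f["vantages"], "->", "; ".join(f["reasons"]))
```

A consistent page across vantage points is not proof that a URL is clean, but a divergence of this kind is a strong signal that the scanner's view cannot be trusted.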
Source: BleepingComputer