Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected

Feb 14, 2023Ravie LakshmananAd Fraud / Online Security




The threat actors behind the black hat redirect malware campaign have scaled up the operation, using more than 70 bogus domains that mimic URL shorteners and infecting over 10,800 websites.


"The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," Sucuri researcher Ben Martin said in a report published last week.


Details of the malicious activity were first exposed by the GoDaddy-owned company in November 2022.


The campaign, which is said to have been active since September last year, is orchestrated to redirect visitors of compromised WordPress sites to fake Q&A portals. The goal, it appears, is to increase the authority of spammy sites in search engine results.

"It's possible that these bad actors are simply trying to convince Google that real people from different IPs using different browsers are clicking on their search results," Sucuri noted at the time. "This technique artificially sends Google signals that those pages are performing well in search."


What makes the latest campaign significant is the use of Bing search result links and Twitter's link shortener (t[.]co) service, along with Google, in its redirects, indicating an expansion of the threat actor's footprint.

