Malwarebytes has released an advisory detailing a fraudulent online ad campaign using Google Ads. The campaign leverages adult websites and advertising to entice victims into clicking on malicious links, and it made the operators behind the campaign hundreds of thousands of dollars a month. Malwarebytes states that the scammers loaded a full blog as their popunder, which contains dozens of stolen articles from other sites.
The page refreshes its content at frequent intervals to serve a new article, still hidden behind the XXX overlay, which allows the threat actors to monetize further using Google Ads. This process occurs without the user’s knowledge. Malwarebytes found that there is an average of five Google ads on the popunder page, sometimes including video advertisements that generate more money. The campaign was successful in gathering roughly 300,000 visits per month, with roughly 51 pages viewed per visit.