Security researchers have warned of a sophisticated cloaking platform that lets bad actors maneuver around automated security protocols and spoof brands on Google ad platforms.
The service, referred to as 1Campaign, provides hackers with a one-stop shop for running malicious ads and enabling fraud “at scale,” a recent report by cybersecurity company Varonis uncovered. Using just a single dashboard, hackers can cloak malicious content from security researchers, ad platform reviewers, and automated scanners — which instead see a benign white page — and target general users with phishing or scam attempts.
It’s a boon for what is commonly referred to as “malvertising.”
On top of standard cloaking tools, 1Campaign also offers bad actors real-time analytics, visitor profiling, fraud scoring, and traffic blocking options that can configure content for known security vendors, data centers, and VPNs in order to get around detection, TechRadar reported. The tool logs each visitor's IP address, geographic location, company information or ISP, device type, and security flags, and assigns each visitor a “fraud score.” This data is then used to serve up targeted content.
1Campaign was developed by a hacker known as “DuppyMeister,” and it’s been on the cybercriminal market for the last three years. The developer runs support for the service through secret Telegram channels, and Varonis’ Threat Lab found that the tool has an extremely high success rate at interrupting traditional detection methods.
Hackers have been manipulating search engines, including agentic browsers and chatbots themselves, into surfacing malicious ads and hiding malware in plain sight. Just this week, Bitdefender warned of a hacker network that had taken over 35 Google Advertiser accounts and launched hundreds of such ads that single out Mac users searching for specific software downloads.


