Cybersecurity researchers have uncovered a sophisticated ad fraud operation, codenamed “Pushpaganda,” that exploits search engine optimization (SEO) manipulation and AI-generated content to infiltrate Google Discover feeds and deceive users into enabling malicious browser notifications. The campaign, identified by HUMAN, highlights how threat actors are increasingly leveraging trusted digital platforms to distribute scams at scale.
The scheme primarily targets Android and Chrome users by pushing deceptive, AI-generated news stories into personalized content feeds. Once users click on these seemingly legitimate articles, they are redirected to attacker-controlled domains that prompt them to enable push notifications. These notifications then deliver alarming messages – often disguised as legal threats or urgent alerts – designed to drive engagement and trigger further interaction.
At its peak, the campaign generated approximately 240 million bid requests over a seven-day period across 113 domains, demonstrating the scale and efficiency of the operation. Initially observed in India, the threat has rapidly expanded to regions including the United States, Australia, Canada, South Africa, and the United Kingdom, indicating a global reach.
Gavin Reid, Chief Information Security Officer at HUMAN, emphasized that the operation showcases how AI is being weaponized to manipulate trusted content discovery platforms. By blending AI-generated narratives with SEO poisoning techniques, attackers are effectively turning legitimate recommendation systems into delivery channels for scareware, deepfakes, and financial fraud.
Once users enable notifications, they are continuously targeted with scam messages that redirect them to additional malicious websites. These sites are embedded with advertisements, allowing threat actors to generate illicit revenue through fraudulent traffic. The tactic not only exploits user trust but also creates a persistent attack vector that extends beyond the initial interaction.
Google has responded to the findings by implementing fixes to address the spam issue and reinforcing its policies against manipulative and low-quality content. The company stated that its spam detection systems and algorithmic updates are designed to prevent such abuse, particularly content generated using AI for the sole purpose of manipulating search rankings.
The Pushpaganda campaign is part of a broader trend in which cybercriminals are increasingly abusing push notification systems as a tool for social engineering and malware distribution. These tactics rely heavily on urgency-driven messaging, prompting users to act quickly without verifying the authenticity of the alerts.
The disclosure follows closely on the heels of another large-scale fraud operation identified by HUMAN, known as Low5. This campaign involved more than 3,000 domains and 63 Android applications, forming one of the largest ad fraud laundering networks uncovered to date. The infrastructure enabled threat actors to monetize fraudulent traffic through fake content platforms, often without users’ awareness.
HUMAN reported that the Low5 operation peaked at nearly 2 billion bid requests per day and may have impacted up to 40 million devices globally. Although the malicious apps associated with the scheme have been removed from the Google Play Store, the underlying monetization infrastructure remains a persistent concern.
The emergence of campaigns like Pushpaganda underscores the growing sophistication of cyber threats targeting digital advertising ecosystems and content platforms. As attackers continue to exploit AI and automation to scale their operations, organizations must prioritize advanced threat detection, continuous monitoring, and stronger safeguards across content distribution channels.
This latest development serves as a reminder that, as digital platforms evolve, so too do the tactics of cybercriminals – making proactive security measures and platform accountability more critical than ever.
Recommended Cyber Technology News :
- KELA Reports 200 Percent Rise in Cybercriminals Using AI
- KnowBe4 Uncovers Surged Abuse of Legitimate Platforms by Cybercriminals in 2025
- Binary Defense Redefines Threat Detection with New Coverage Index
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
