AI-Driven Push Notification Scam Exploits Google Discover
Severity: High (Score: 66.5)
Sources: www.humansecurity.com, Pymnts, Cybersecuritynews
Summary
A new cyber operation named Pushpaganda has been identified, leveraging Google Discover to deliver malicious push notifications. This operation uses AI-generated content to manipulate users into allowing persistent notifications, which then deliver scareware and financial scams. Researchers observed 240 million bid requests linked to Pushpaganda domains within a week, indicating a widespread impact across countries including India, the U.S., Australia, Canada, South Africa, and the U.K. The attackers created 113 domains filled with sensationalist headlines to attract clicks, which subsequently led to users granting notification permissions. Once permission is granted, the attackers can send fraudulent alerts and advertisements, bypassing ad blockers and surviving browser sessions. Google has implemented a fix after being alerted by HUMAN Security, but the operation had already reached significant scale before enforcement. The use of generative AI allows attackers to produce content rapidly, making it difficult for platforms to detect and mitigate the threat effectively.
Key Points:
- Pushpaganda exploits Google Discover to deliver malicious push notifications.
- 240 million bid requests linked to the operation were observed in one week.
- Attackers use AI-generated content to bypass user intent and manipulate clicks.
Key Entities
- Malware (attack_type)
- Phishing (attack_type)
- Pushpaganda (campaign)
- Google (company)
- Australia (country)
- Canada (country)
- India (country)
- South Africa (country)
- Android (platform)
- Google Discover (platform)
- Chrome (tool)