Azure and Google domains hacked to spread disinformation
Cybercriminals have found a new and creative way to send unwanted ads, malware and spam to internet users. They are exploiting Google, Azure, OVH and other similar services, and abusing legitimate features designed to improve the user experience.
Researchers from BleepingComputer reported that the campaign begins with numerous websites hosted on cloud services such as Microsoft Azure blob storage and OVH. These websites are then filled with misinformation, “rumors” and fake news, usually about various celebrities (although the list of topics is likely much broader).
Once there is enough content about a specific person on the internet, Google picks it up, puts it in the “new info related to…” feature and pushes it to regular internet users.
For those unfamiliar with “new info related to…” – it’s a feature that notifies users when new information appears, related to something they previously searched for. So, for example, if someone searched for, and read about, Tom Hardy, then that person will be notified as soon as new articles are published – regardless of the fact that the information is fake and comes from dubious sources. The push notification will be displayed on their smartphones.
But spreading fake celebrity news is hardly harmful. Instead, the crooks fill the sites with malvertising, promote suspicious Chrome extensions, redirect people to untrustworthy websites, and more. In some of the examples BleepingComputers reporters saw, the sites also displayed ads promoting fake antivirus programs.
How Google responds to this remains to be seen, but if past activity is any indication, it will undoubtedly bring about changes. This isn’t the first Google service to be abused for the distribution of malware and adware, and at least so far, Google has been quick to respond. Until that happens, netizens should be cautious when venturing onto the Internet, even when dealing with their favorite, usually trustworthy services.