AI-Driven Pushpaganda Scam

Cybersecurity researchers have uncovered a sophisticated ad fraud campaign, codenamed Pushpaganda, that combines search engine optimization (SEO) poisoning with artificial intelligence-generated content. This operation is designed to manipulate content discovery platforms, particularly Google Discover, by promoting deceptive news stories that appear legitimate. The ultimate objective is to trick users into enabling persistent browser notifications, which then become channels for scareware and financial scams.

Targeting primarily Android and Chrome users, the campaign exploits personalized content feeds to deliver malicious material directly to unsuspecting individuals.

From Click to Compromise: How the Attack Chain Operates

The success of Pushpaganda lies in a carefully orchestrated user manipulation process. Threat actors lure users through seemingly credible headlines, leading them into a trap of misinformation and coercion. Once engaged, users are pressured into enabling browser notifications, which serve as the backbone of the attack.

The attack flow unfolds as follows:

• Users encounter AI-generated, misleading news content via Google Discover.
• They are redirected to attacker-controlled domains hosting fabricated stories.
• These pages prompt users to enable push notifications under false pretenses.
• Notifications deliver alarming messages, such as fake legal threats or urgent warnings.
• Clicking these alerts redirects victims to additional malicious sites filled with ads.

This mechanism generates fraudulent 'organic' traffic from real devices, significantly increasing the profitability of the scheme.

Massive Scale and Global Reach

At its peak, the campaign generated approximately 240 million bid requests across 113 domains within just seven days. Initially observed targeting users in India, the operation rapidly expanded its footprint to multiple regions, including the United States, Australia, Canada, South Africa, and the United Kingdom.

This scale highlights the efficiency of combining AI-generated content with SEO manipulation, enabling attackers to scale operations further, with minimal manual effort.

Weaponized Notifications: A Persistent Threat Vector

Push notifications have become a favored tool among cybercriminals due to their ability to create urgency and bypass traditional security awareness. Once enabled, these notifications provide a persistent communication channel that attackers can exploit repeatedly.

Common malicious uses include:

• Delivering scareware designed to intimidate users into immediate action
• Redirecting victims to phishing pages or ad-heavy scam websites
• Generating continuous traffic to monetized platforms controlled by attackers

This technique is not new. Previous campaigns, such as those attributed to the threat actor Vane Viper, have demonstrated similar abuse of push notifications to support ad fraud and social engineering attacks like ClickFix.

AI Abuse and the Manipulation of Trusted Platforms

The Pushpaganda campaign underscores a growing trend: the misuse of AI to exploit trusted digital ecosystems. By flooding platforms with low-quality, machine-generated content, threat actors can infiltrate legitimate discovery channels and weaponize them for malicious distribution.
Such tactics often involve:

• Generating large volumes of content that provide little to no real value
• Scraping existing data sources to fabricate new pages
• Creating networks of websites to disguise the scale and origin of the operation

These practices are designed to manipulate search rankings and increase visibility, ultimately deceiving both algorithms and users.

Google’s Response and Ongoing Countermeasures

In response to the findings, Google has implemented fixes to address the spam vulnerabilities exploited by the campaign. The company emphasized that its existing spam-fighting systems and policies are designed to maintain high-quality standards across Search and Discover.

Google's countermeasures include continuous algorithm updates and strict enforcement of policies against manipulative content. The company has also reiterated that using AI to generate content primarily for ranking manipulation violates its guidelines.

Efforts remain ongoing to detect and neutralize emerging threats, ensuring that discovery platforms are not exploited as delivery channels for scams and malware.