
Malicious Google Ads Targeting Chinese Users – Stay Informed

Wajahat Raja

February 8, 2024 - TuxCare expert team

Online scams through Google ads continue to pose a significant threat to internet users worldwide. Malicious actors continuously evolve their strategies to exploit vulnerabilities and target unsuspecting users. Recently, a concerning trend has emerged targeting Chinese-speaking individuals through malicious Google ads. These ads lure users with promises of popular messaging applications, like Telegram and LINE, ultimately leading to the infiltration of malware onto their devices.


Malicious Google Ads – Understanding the Threat

The modus operandi of this malicious campaign revolves around exploiting the popularity of messaging apps, particularly those restricted or banned in China. Despite stringent regulations, users often resort to circumvention tools like VPNs to access these applications.

Exploiting this demand, threat actors abuse Google advertiser accounts to disseminate malicious ads. These ads redirect users to pages where they unknowingly download Remote Administration Trojans (RATs), granting attackers full control over their systems.

Previous Attacks and Current Tactics


This isn’t the first instance of such malicious activity. Earlier, a campaign codenamed FakeAPP targeted Hong Kong users seeking messaging apps like WhatsApp and Telegram. Now, this campaign has expanded to include LINE, redirecting users to counterfeit websites hosted on Google Docs or Google Sites. 

Leveraging Google’s infrastructure, the threat actors embed links to malicious sites, facilitating the distribution of trojans like PlugX and Gh0st RAT. Safeguarding against fraudulent ad campaigns is crucial for maintaining a secure online environment.
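A defender-side check for the chain described above, as an added example that is not from the article or its sources: it scans web-proxy events for an installer named after a messaging app, fetched from a non-vendor host by a client that had just visited a Google Docs or Google Sites page. The log field names, the vendor-domain allow-list and the sample events are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: vendor domains accepted as legitimate download sources.
OFFICIAL = {"telegram": ("telegram.org",), "line": ("line.me",),
            "whatsapp": ("whatsapp.com",)}
# Google services the article names as hosting the counterfeit pages.
LURE_HOSTS = {"docs.google.com", "sites.google.com"}
INSTALLER_EXT = (".exe", ".msi", ".zip", ".apk")

def host_of(url):
    return (urlsplit(url or "").hostname or "").lower()

def brand_in(url):
    """Return the tracked brand appearing as a whole token in host or path."""
    parts = urlsplit(url)
    text = ((parts.hostname or "") + parts.path).lower()
    tokens = set(re.split(r"[^a-z0-9]+", text))
    return next((b for b in OFFICIAL if b in tokens), None)

def is_official(host, brand):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL[brand])

def find_suspicious_downloads(events):
    """events: time-ordered dicts with 'client', 'url', 'referer' keys."""
    last_lure, alerts = {}, []
    for ev in events:
        host = host_of(ev["url"])
        if host in LURE_HOSTS:
            last_lure[ev["client"]] = ev["url"]  # remember the Google-hosted page
            continue
        brand = brand_in(ev["url"])
        is_installer = urlsplit(ev["url"]).path.lower().endswith(INSTALLER_EXT)
        if not (brand and is_installer) or is_official(host, brand):
            continue
        referer = ev.get("referer") or ""
        lure = referer if host_of(referer) in LURE_HOSTS else last_lure.get(ev["client"])
        if lure:  # alert only when the download follows a Docs/Sites visit
            alerts.append({"client": ev["client"], "brand": brand,
                           "download": ev["url"], "lure": lure})
    return alerts

# Constructed sample events; the .example hosts are placeholders, not indicators.
LURE = "https://sites.google.com/view/constructed-lure"
SAMPLE_EVENTS = [
    {"client": "10.0.0.5", "url": LURE, "referer": "https://www.google.com/"},
    {"client": "10.0.0.5", "url": "https://telegram-cn.example/dl/telegram_setup.exe", "referer": LURE},
    {"client": "10.0.0.7", "url": "https://docs.google.com/document/d/constructed", "referer": ""},
    {"client": "10.0.0.7", "url": "https://updates.telegram.org/tsetup.exe", "referer": ""},
    {"client": "10.0.0.9", "url": "https://cdn.example/online_tool.exe", "referer": ""},
    {"client": "10.0.0.9", "url": "https://files.example/line_setup.msi", "referer": ""},
]

if __name__ == "__main__":
    for alert in find_suspicious_downloads(SAMPLE_EVENTS):
        print(alert)
```

Only the first client is flagged: the vendor-hosted download, the file that merely contains "line" inside another word, and the branded installer with no preceding Docs/Sites visit are all left alone.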

Identifying the Culprits


Internet security for Chinese internet users is a paramount concern in today’s digital landscape. Malwarebytes, in its investigation, traced the fraudulent ads to two advertiser accounts based in Nigeria, namely Interactive Communication Team Limited and Ringier Media Nigeria Limited. Notably, the threat actors prioritize quantity over quality, constantly rotating payloads and infrastructure to evade detection.

The Rise of Phishing-as-a-Service (PhaaS)

Ads targeting Chinese users are becoming increasingly prevalent in the digital landscape. In tandem with these malicious ad campaigns, Trustwave SpiderLabs has highlighted a surge in PhaaS adoption, particularly the Greatness platform.

This platform facilitates the creation of authentic-looking credential-harvesting pages targeting Microsoft 365 users. The kit’s customization options, coupled with anti-detection measures, enable threat actors to orchestrate large-scale attacks with ease.

Modus Operandi of Phishing Attacks


Phishing attacks, leveraging Greatness, often employ social engineering tactics, masquerading as trusted entities like banks or employers. The emails induce a sense of urgency, compelling recipients to act swiftly, typically by clicking on malicious attachments. Once opened, these attachments either capture login credentials or deploy malware onto the victim’s system.

Expanding Targets: South Korean Companies

Phishing attacks aren’t confined to a single region. South Korean companies have fallen victim to similar schemes, with attackers impersonating reputable tech companies like Kakao. These attacks distribute AsyncRAT via malicious Windows shortcut files, deceiving users into opening seemingly innocuous documents.

Protecting against malicious online advertising requires vigilance and proactive measures from both users and organizations.

Cybersecurity In Digital Marketing

As the threat landscape evolves, it’s imperative for users and organizations to remain vigilant. Employing robust Google ads security measures, such as comprehensive antivirus software and employee awareness training, can mitigate the risk posed by these malicious campaigns. Additionally, scrutinizing incoming emails for signs of phishing attempts and verifying the authenticity of download sources can thwart potential attacks.


The proliferation of malicious ad campaigns and phishing attacks underscores the persistent threat posed by cybercriminals. By exploiting popular applications and leveraging sophisticated tactics, these threat actors continue to target unsuspecting users and organizations worldwide. Vigilance, coupled with ad fraud prevention and proactive cybersecurity measures, remains the best defense against such nefarious activities.

As we navigate the complexities of the digital realm, staying informed about these malicious Google ads and adopting a security-first mindset is paramount to safeguarding against evolving online advertising threats.

The sources for this piece include articles in The Hacker News and Malwarebytes.
