“Pushpaganda” — AI-Driven Ad Fraud Scheme Exploits Google Discover to Spread Scareware

Summary

Cybersecurity researchers at HUMAN’s Satori Threat Intelligence team have uncovered a novel ad fraud scheme dubbed “Pushpaganda” that weaponizes AI-generated content and search engine poisoning to infiltrate Google’s Discover feed on Android and Chrome. The campaign tricks users into enabling persistent browser push notifications that deliver scareware and financial scams.

At its peak, approximately 240 million bid requests were associated with 113 domains linked to the campaign over a seven-day period. While initially targeting India, the operation has since expanded to the U.S., Australia, Canada, South Africa, and the U.K. Google has since rolled out a fix to address the spam issue.

The attack chain works by luring users through Google Discover to AI-generated misleading news stories on attacker-controlled domains. Once there, victims are coerced into enabling push notifications that deliver fake legal threats, which redirect to additional scam sites generating illicit ad revenue.

Source

The Hacker News — AI-Driven Pushpaganda Scam Exploits Google Discover

Commentary

Pushpaganda is a textbook example of how AI-generated content is supercharging social engineering at scale. The economics are brutal: 240 million bid requests from just 113 domains means the scammers can spin up convincing content farms faster than platforms can detect them. Google Discover’s algorithmic curation — designed to surface interesting content — becomes the perfect delivery vehicle when AI can generate plausible-looking news articles on demand.

The push notification angle is particularly nasty because it creates a persistent foothold on the victim’s device. Even after the user leaves the malicious site, the notifications keep firing. This is why browser notification permissions should be treated with the same caution as app install prompts — most users don’t realize they’re granting a persistent channel for future abuse.