Cybersecurity researchers have uncovered a new ad fraud campaign that used search engine poisoning and AI-generated content to push deceptive news stories into Google Discover and lure Android and Chrome users into enabling persistent browser notifications, with up to 240 million bid requests tied to 113 domains in a seven-day span.
KEY FACTS
- Campaign name: HUMAN’s Satori Threat Intelligence and Research Team called the operation Pushpaganda.
- Scope: The activity was linked to 113 domains and about 240 million bid requests over seven days.
- Targets: The scheme focused on Android and Chrome users, then expanded beyond India to the U.S., Australia, Canada, South Africa and the U.K.
- Method: Users were steered to sites with AI-generated content and prompted to allow notifications that delivered scareware and scam messages.
- Response: Google has rolled out a fix to address the spam issue.
The technical analysis from HUMAN Security says the campaign used misleading news stories to attract visitors through Google Discover. Once users reached actor-controlled domains, they were pressured into enabling push notifications that later delivered fake legal threats and other scam content.
Clicking the alerts redirected users to additional sites run by the same threat actors, creating traffic that could be monetized through ads placed on those pages. The report says the notifications were designed to trigger urgency, a tactic that can make users more likely to click without scrutiny.
The disclosure also noted that the campaign began in India before spreading to other countries. It said the broader abuse of discovery feeds shows how trusted content surfaces can be manipulated to support scam delivery and illicit revenue generation.
WHY IT MATTERS
The case shows how AI-generated content and browser notifications can be combined to move users from trusted feeds into scam networks. It also highlights how quickly ad fraud infrastructure can scale across devices and regions before platform fixes take effect.

