Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers


Cybersecurity researchers at Varonis Threat Labs have identified a new platform named 1Campaign, designed specifically to help hackers and scammers trick, or at least attempt to trick, Google’s security systems.

This service allows criminals to run fraudulent advertisements that stay online for much longer than usual by hiding their true intent from safety checkers. The platform has been active for over three years, managed by a developer known as DuppyMeister, who even provides dedicated help desk support for users.

How It Works

The main feature of 1Campaign is a technique called cloaking. This involves showing two different versions of a website. When a Google reviewer or a security bot checks the link, they see a perfectly safe white page. However, when a regular person clicks the same ad, they are redirected to a dangerous site designed to steal cryptocurrency or login details.

Further investigation by Varonis’ threat analysts revealed that the tool is incredibly effective at spotting fake visitors. It uses a fraud score from 0 to 100 to rank every person who clicks. If the system detects a visitor from a tech company like Microsoft, Google, or Tencent, or someone using a VPN, it automatically blocks them. In one analysed campaign called Blockbyblockchain, which targeted the site bitcoinhorizon.pro, the system blocked 99.4% of 1,676 visitors, allowing only 10 real potential victims through.
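Because cloaking serves different content to different visitors, a defender can look for it by fetching the same ad destination from more than one vantage point and comparing what comes back. The sketch below is an added example, not code from Varonis or from this article; the hostnames, page bodies, profile names, function names and the 0.6 threshold are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed observations of one ad click-through, captured from two
# vantage points. Hosts and bodies are made up for illustration.
SAMPLE = [
    {"profile": "datacenter-ip", "final_url": "https://landing.example/guide",
     "body": "<html><h1>Crypto basics</h1><p>An introduction to wallets.</p></html>"},
    {"profile": "residential-ip", "final_url": "https://wallet-login.example/connect",
     "body": "<html><form><input name='seed'>Enter your recovery phrase</form></html>"},
]

def visible_text(html):
    """Strip tags and collapse whitespace so markup noise does not skew the diff."""
    return re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html)).strip().lower()

def compare_vantage_points(observations, min_similarity=0.6):
    """Return (profile_a, profile_b, reasons) for every pair that diverges."""
    findings = []
    for i, a in enumerate(observations):
        for b in observations[i + 1:]:
            reasons = []
            host_a = urlsplit(a["final_url"]).hostname
            host_b = urlsplit(b["final_url"]).hostname
            # A different landing host after redirects is the strongest signal.
            if host_a != host_b:
                reasons.append(f"final host differs: {host_a} vs {host_b}")
            # Same host can still serve a "white page" to one profile only.
            ratio = SequenceMatcher(None, visible_text(a["body"]),
                                    visible_text(b["body"])).ratio()
            if ratio < min_similarity:
                reasons.append(f"content similarity {ratio:.2f} below {min_similarity}")
            if reasons:
                findings.append((a["profile"], b["profile"], reasons))
    return findings

if __name__ == "__main__":
    for a, b, reasons in compare_vantage_points(SAMPLE):
        print(f"{a} vs {b}: " + "; ".join(reasons))
```

A divergence is a lead for manual review rather than proof, since legitimate sites also vary content by region or device.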

Promotional ad for 1Campaign (source: Varonis)

Targeted Attacks and Global Reach

According to researchers, 1Campaign is part of a worrying rise in user-friendly hacking toolkits. While other toolkits like Spiderman or FishXProxy focus on targeting banks or avoiding takedowns, 1Campaign is unique because it specifically focuses on abusing Google Ads. This method, known as malvertising, allows attackers to buy legitimate ad space to spread malware or fake software.

The research indicates that these toolkits make it easier than ever for people without technical skills to launch high-level scams. 1Campaign even includes a special launcher that helps attackers bypass strict rules and create ads using any text or words, making it easy to impersonate famous brands. As Daniel Kelley, a researcher involved in the study, explained in the blog post shared with Hackread.com:

“1Campaign stands out because it takes many tried-and-true hacker tools and techniques, packages them together, and aims them directly at the biggest online advertiser in the world.”

Researchers also highlighted the global scale of these operations, with traffic being tracked across the UK, the US, the Netherlands, China, and Germany. By the time a scam is manually reported and taken down, the attackers have often already caused significant financial damage.

The main dashboard shows targeted countries (source: Varonis)

To stay safe, it is best to treat promoted search results with caution and always double-check the web address before entering any personal data.




