What happened
An ad fraud operation dubbed Pushpaganda used search engine poisoning and AI-generated content to push deceptive news stories into Google Discover and trick users into enabling browser notifications that delivered scareware and financial scams. Researchers at HUMAN said the campaign targeted Android and Chrome users by luring them to actor-controlled domains filled with AI-generated articles. Once users landed on those pages, they were pressured into allowing notifications that later delivered fake legal threats and other scam prompts. Clicking those notifications redirected users to additional attacker-run sites carrying ads, helping the operators generate illicit revenue from invalid organic traffic. At its peak, researchers linked 240 million bid requests over a seven-day period to 113 domains tied to the scheme. The activity was first observed targeting India and later expanded to the United States, Australia, Canada, South Africa, and the United Kingdom. Google has since rolled out a fix to address the spam issue.
Who is affected
The direct impact falls on Android and Chrome users exposed to deceptive stories pushed through Google Discover and then tricked into enabling persistent browser notifications. The campaign first targeted users in India and later expanded into the United States, Australia, Canada, South Africa, and the United Kingdom.
Why CISOs should care
This matters because the campaign shows how threat actors can abuse trusted content discovery surfaces and AI-generated articles to push users into long-lived scam delivery channels. It also highlights how browser notifications can be turned into a persistent fraud mechanism that keeps sending scareware and scam prompts long after the initial visit.
3 practical actions
- Review browser notification exposure: Reassess whether managed browsers allow unnecessary notification permissions from untrusted sites, since the scheme depended on persistent push access.
- Monitor ad-fraud and scareware overlap: Treat deceptive notification campaigns as both a fraud and user-security issue because the operation combined ad monetization with fake legal threats and financial scams.
- Watch trusted discovery surfaces: Include feeds and content recommendation systems in threat awareness because the campaign used Google Discover as the initial delivery path.
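One way to carry out the first action is to audit which sites already hold notification permission in a Chrome profile. The script below is an added example, not code from HUMAN or Google; it assumes the profile's Preferences file stores grants under profile.content_settings.exceptions.notifications with setting 1 meaning allow, and the sample data and allowlist are constructed.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # assumed Chrome ContentSetting value for "allow" (2 is "block")

# Constructed sample of the relevant part of a Chrome profile "Preferences" file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.corp.example:443,*": {"last_modified": "13350000000000000", "setting": 1},
        "https://daily-news-alerts.example:443,*": {"last_modified": "13360000000000000", "setting": 1},
        "https://blocked-site.example:443,*": {"last_modified": "13340000000000000", "setting": 2},
    }}}}
})

# Hypothetical organisational allowlist of hosts permitted to send notifications.
APPROVED_HOSTS = {"mail.corp.example"}


def host_of(pattern):
    """Extract the host from a content-settings key such as 'https://host:443,*'."""
    primary = pattern.split(",", 1)[0]
    return (urlsplit(primary).hostname or primary).lower()


def is_approved(host, approved):
    """True if the host is an approved host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in approved)


def unapproved_notification_grants(preferences_json, approved):
    """Return sorted hosts that hold notification permission but are not approved."""
    prefs = json.loads(preferences_json)
    entries = (prefs.get("profile", {}).get("content_settings", {})
               .get("exceptions", {}).get("notifications", {}))
    findings = set()
    for pattern, value in entries.items():
        # Only "allow" entries matter; blocked or default entries cannot push.
        if isinstance(value, dict) and value.get("setting") == ALLOW:
            host = host_of(pattern)
            if not is_approved(host, approved):
                findings.add(host)
    return sorted(findings)


if __name__ == "__main__":
    for host in unapproved_notification_grants(SAMPLE_PREFERENCES, APPROVED_HOSTS):
        print("review notification grant:", host)
```

Hosts it reports are candidates for revoking the permission or for a managed-browser policy that blocks notifications by default.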
