Specialists from the IB company Malwarebytes have discovered a Google Ads advertising campaign that directs users to a fake Keepass site. The attackers are using the Punycode method to mask their malicious actions and make their domain appear like the official Keepass domain (Malwarebytes).
Google has been facing challenges in dealing with fraudulent advertising campaigns for a long time. These campaigns present threats in the form of advertisements displayed over the search results. Cybercriminals can also utilize this service to place ads that redirect users to malicious phishing sites either in the Google search results or on third-party websites.
This scheme is highly favored by cybercriminals because Google experts often struggle to definitively identify harmful websites, allowing fraudulent ads to be published without detection (Malwarebytes).