In the last 72 hours, we have heard of multiple marketing agencies that have had their Google accounts taken over. One is an 8 figure to possibly a 9 figure a year agency.
As we have heard over the last two years of this on going issue, the moral here is to not put all your eggs into one giant ‘Google’ account basket. Yes, we know that is more difficult to manage independent accounts, but if your entire business can be taken over with the loss of one account access you are at serious risk. You simply haven’t analyzed the pain level that would be inflicted upon a full MCC account take over. We know of several firms that have never fully recovered from account hacks a year later.
The reality is that Google is scare sh*tless of this issue. They can’t talk about security issues in public with out causing themselves harm by spooking advertisers or encouraging attacks. Additionally, we are going to simply say, Googles attention in this matter has been shockingly, stunningly, uncharacteristically inept. Days, weeks, months have passed for several firms that never saw recovery, and had to create new accounts – with new ad limits. Google always seems to blame the account holder (even though most have 2FA on with dual confirms for changes). In fact, Googles own help page on the subject, all but says “it’s your fault“.
So ya, Google Ads is facing another ugly hacking/malvertising flare-up. A new BleepingComputer report says attackers are again abusing Google sponsored results and legitimate Claude.ai shared chats to push malware at users searching for Claude downloads.
The trick is super nasty because again, the ad can show a trusted-looking Claude.ai destination, then send users into a shared Claude chat that poses as an installation guide. From there, the mac victim is told to open Terminal and paste commands that download and run malware…yada yada yada. That moves the attack past the old “check the URL” advice. In this case, the visible google linked url trust signal is part of the actual scam trap.
As you know, this is not an isolated Google Ads problem. In January 2025, attackers were using Google Search ads to steal Google Ads account credentials, then using those accounts for more malicious campaigns. Earlier this month, another campaign used Google sponsored results to phish GoDaddy ManageWP credentials, a direct threat to agencies and WordPress site operators.
The pattern has been building for years. Researchers have also documented Google Ads campaigns pushing fake Homebrew and LogMeIn downloads, plus cloaking services such as 1Campaign, which help malicious ads show clean pages to reviewers while sending real users to phishing or malware pages.
Google was asked to comment on this story and has not responded.
As the CEO and founder of Pubcon and WebmasterWorld., Brett Tabke has been instrumental in shaping the landscape of online marketing and search engine optimization. His journey in the computer industry has spanned over three decades and has made him a pioneering force behind digital evolution. Full Bio
Visit Pubcon.com