Hey Cyberwarriors, I’ve come across a sneaky new trick and I need to share it with you. Cybercriminals have developed a fresh method: fake “Are You Human” checks. What’s their aim? To trick you into giving unwanted permissions, clearing a path for a barrage of unwanted alerts and messages.
Google Dork Uncovers Thousands of Guilty Sites
I’ve made a startling discovery. This isn’t an isolated incident with just one or two rogue websites. By using Google Dork, a technique that digs out hidden information via search engines, I’ve found over 2500 websites employing this misleading tactic. This could just be the start.
site:adservice.google.com intext:Lost in 50s diner?
Real vs. Fake: The Double Deception
Here’s the truly devious part. A number of these sites are even protected by antibot.cloud. The antibot system performs a legitimate “Are You Human” check, making you feel like everything is standard. But once you pass this check, the site throws a curveball with the counterfeit one, trying to bamboozle you into granting those pesky permissions.
The Consequences of Clicking Accept: What’s At Stake?
So, what’s the big deal if you accidentally click ‘accept’ on one of these false checks? Well, I hate to be the bearer of bad news, but the repercussions can be quite bothersome.
When you grant permissions to these mischievous sites, you’re essentially opening the floodgates for them to send you a barrage of notifications. It might seem like a minor annoyance, but these constant pop-ups can seriously disrupt your browsing experience.
More worryingly, these sites gain a backdoor into your browser. They could potentially misuse this access to deliver spam, phishing attacks, or even malware directly to your device. In other words, clicking ‘accept’ could inadvertently place you on the frontlines of a cyber attack.
Footage of what you can expect
In this video, you will see that by using the Google Dork, you can quickly find thousands of fake active “Are you Human” checks.
Examples
I edited these with the IOC editor, you can use the tool to make the links clickable again. Just use the following options:
- Replace
[://]with:// - Replace
[.]with.
https[://]adservice[.]google[.]com/ddm/clk/424929466;226923624;r;u=ds&sv1=64195420186&sv2=3261659123742877&sv3=6702577448695742699&gclid=EAIaIQobChMIurHiwbHn8gIVBZ53Ch2TZAIsEAQYASABEgKAL_D_BwE;%3F//emtarbirirana[.]ml/8v5vil67adservicegooglecommini3 https[://]adservice[.]google[.]com/ddm/clk/408533097;208818505;l;u=ds&sv1=28425702662&sv2=3308540421843529&sv3=1082951500986547458&gclid=CKSqo-LMkfgCFQX6jgodTtUOHg;%3F//ningwriseabchamlea[.]tk/3nhgsdk13adservicegooglecom27mini4 https[://]adservice[.]google[.]com/ddm/clk/408533097;208818505;l;u=ds&sv1=28425702662&sv2=3308540421843529&sv3=1082951500986547458&gclid=CKSqo-LMkfgCFQX6jgodTtUOHg;%3F//losesunbcentwinfsav[.]tk/2scsdj80adservicegooglecomb3 https[://]adservice[.]google[.]com/ddm/clk/424929466;226923624;r;u=ds&sv1=64195420186&sv2=3261659123742877&sv3=6702577448695742699&gclid=EAIaIQobChMIurHiwbHn8gIVBZ53Ch2TZAIsEAQYASABEgKAL_D_BwE;%3F//distluba[.]tk/gj0vil67adservicegooglecommini3 https[://]adservice[.]google[.]com/ddm/clk/408533097;208818505;l;u=ds&sv1=28425702662&sv2=3308540421843529&sv3=1082951500986547458&gclid=CKSqo-LMkfgCFQX6jgodTtUOHg;%3F//cotamelili[.]tk/brmvil80adservicegooglecomc3 https[://]adservice[.]google[.]com/ddm/clk/408533097;208818505;l;u=ds&sv1=28425702662&sv2=3308540421843529&sv3=1082951500986547458&gclid=CKSqo-LMkfgCFQX6jgodTtUOHg;%3F//nonwaruciretar[.]tk/fwgvil43adservicegooglecomc3 https[://]adservice[.]google[.]com/ddm/clk/424929466;226923624;r;u=ds&sv1=64195420186&sv2=3261659123742877&sv3=6702577448695742699&gclid=EAIaIQobChMIurHiwbHn8gIVBZ53Ch2TZAIsEAQYASABEgKAL_D_BwE;%3F//enecsigseatt[.]cf/a7jsdj67adservicegooglecommini3
