Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google’s Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams.
The campaign, which has been found to target the personalized content feeds of Android and Chrome users, has been codenamed Pushpaganda by HUMAN’s Satori Threat Intelligence and Research Team.
“This operation, named for push notifications central to the scheme, generates invalid organic traffic from real mobile devices by tricking users into subscribing to enabling notifications that presented alarming messages,” researchers Louisa Abel, Vikas Parthasarathy, João Santos, and Adam Sell said in a report shared with The Hacker News.
At its peak, about 240 million bid requests have been associated with 113 domains linked to the campaign over a seven-day period. The threat, although observed targeting India, has since expanded to other regions like the U.S., Australia, Canada, South Africa, and the U.K.
The findings demonstrate how threat actors abuse AI to hijack trusted discovery surfaces and turn them into delivery vehicles for scareware, deepfakes, and financial fraud, Gavin Reid, chief information security officer at HUMAN, said. Google has since rolled out a fix to address the spam issue.
The entire scheme hinges on the scammers luring unsuspecting users through Google Discover to trick them into visiting misleading news stories filled with AI-generated content. Once a user lands on one of the actor-controlled domains, they are coerced into enabling push notifications that deliver fake legal threats and scams.
Specifically, the scareware notifications, once clicked, redirect users to additional sites operated by the threat actors, generating organic traffic to ads embedded in those sites and enabling them to generate illicit revenue.
This is not the first time threat actors have weaponized push notifications to redirect to sketchy websites. In September 2025, Infoblox shed light on a threat actor known as Vane Viper that has engaged in systematic push notification abuse to serve ads and facilitate ClickFix-style social engineering campaigns.
“Malware-based threats involving push notifications, both for web and mobile platforms, aren’t a novel threat, especially when you consider the way in which they create a sense or urgency,” Lindsay Kaye, vice president of threat intelligence at HUMAN Security, told The Hacker News. “In many cases, users are quick to click, either to make them go away or to get more information, making them an effective tool in a malware author’s arsenal.”
When reached for comment on the story, a Google spokesperson said, “We keep the vast majority of spam out of Discover through robust spam-fighting systems and policies against emerging forms of low quality, manipulative content. Prior to learning of this report, we launched a fix for the spam issue in question, maintaining our high bar for quality content on Discover.”
The company also said it has instituted robust spam policies and spam-fighting systems to tackle abusive practices that surface unoriginal, low-quality content in Search and Discover, and that it rolls out regular algorithmic updates to flag policy-violating content that seek to manipulate Search and News rankings.
According to its guidance about AI-generated content in Search, any use of AI to generate content primarily to manipulate search rankings is against its spam policies. Instances of scaled content abuse include using generative AI tools or similar offerings to produce pages that do not offer any value for users; scraping feeds, search results, or other content; and creating multiple sites with the intent of hiding the scaled nature of the content.
The disclosure also comes a little over a month after HUMAN identified a collection of more than 3,000 domains and 63 Android apps that it said constituted one of the largest ad fraud laundering marketplaces ever uncovered. Dubbed Low5 for its use of HTML5-based game and news sites, the operation has been found to monetize the domains as cashout sites for sophisticated fraud schemes, including BADBOX 2.0.
“The operation peaked at roughly 2 billion bid requests a day and may have operated on as many as 40 million devices worldwide,” the company said. “Apps associated with Low5 include code that instructs user devices to visit one of the domains connected with the scheme and click on ads found there.”
Cashout sites, also called ghost sites, are used to conduct content-driven fraud, where the attackers use bogus sites and apps to sell space to advertisers who may assume their ads will be viewed by humans. The Android apps in question have been removed from the Google Play Store.
“A shared monetization layer spanning more than 3,000 domains allows multiple threat actors to plug into the same infrastructure, creating a distributed laundering system that increases threat resilience, complicates attribution, and enables rapid replication,” HUMAN added.
“A key takeaway from this research is that monetization infrastructure can survive even after a specific fraud campaign is shut down. If one malicious app or device network is removed, the same cashout domains can still be reused by other actors. Low5 reinforces the need for continuous, aggressive threat intelligence and detection expertise to hunt down cashout domains and flag them pre-bid.”
(The story was updated after publication on April 15, 2026, with a response from Google.)
