
Google Suspended Over 39 Million Fraudulent Ad Accounts Using AI Tools
- Written by Kiara Fabbri, Former Tech News Writer
- Fact-Checked by Sarah Frazier, Former Content Manager
Google suspended over 39 million fraudulent advertiser accounts in 2024 using AI, blocking billions of scam ads before they reached the public.
In a rush? Here are the quick facts:
- Over 5.1 billion ads were blocked or removed last year.
- AI detected fake businesses and illegitimate payments before ads went live.
- Deepfake-related ad complaints dropped 90% after new enforcement steps.
Google implemented its largest ad fraud crackdown to date by halting 39.2 million advertiser accounts during 2024 — more than triple the previous year’s total, as first reported by TechCrunch. The company attributed this improvement in early detection to its use of AI and large language models (LLMs).
The AI models help to identify abnormal activities including fake business details and payment fraud. The majority of these accounts were halted before their ads could launch.
“While these AI models are very, very important to us and have delivered a series of impressive improvements, we still have humans involved throughout the process,” said Alex Rodriguez, General Manager for Ads Safety at Google, during a media roundtable, as reported by TechCrunch.
Rodriguez stated that more than 100 specialists from Google’s Ads Safety team, Trust and Safety division, and DeepMind worked together to analyze threats, including deepfake ads that impersonated celebrities, as reported by TechCrunch. Google suspended more than 700,000 ad accounts related to these scams, and deepfake-related complaints dropped by 90%.
According to Mashable, Google reported that its platform eliminated 415 million scam-related ads and blocked a total of 5.1 billion ads across all regions in 2024. Many of these ads violated policies related to sensitive topics, including personal hardships, religious beliefs, and health claims.
The crackdown comes amid broader concerns over online ad security. Microsoft recently warned of a massive malvertising campaign that infected nearly one million devices. Cybercriminals used malicious ads to redirect users to GitHub repositories hosting malware, which stole data and enabled remote access.
This follows a separate Android threat: researchers recently discovered a campaign distributing SpyNote malware via fake Google Play Store pages.
These deceptive sites trick users into downloading infected apps disguised as popular software. Once installed, the malware enables attackers to access microphones, GPS, contacts, and even remotely control the device.
The large-scale suspension of accounts often raises concerns about fairness. Rodriguez acknowledged this, noting that Google has updated its policies and communication tools to improve clarity for advertisers.
“Oftentimes, some of our message wasn’t as clear and transparent about specifics […] It’s been a big focus for the team as part of 2024 and into 2025,” he said, as reported by TechCrunch.

Hackers Target EU Diplomats With Fake Wine Event Invites
- Written by Kiara Fabbri, Former Tech News Writer
- Fact-Checked by Sarah Frazier, Former Content Manager
Russian hackers posing as EU officials lured diplomats with fake wine invites, deploying stealth malware GRAPELOADER in an evolving espionage campaign.
In a rush? Here are the quick facts:
- APT29 targets EU diplomats with phishing emails disguised as wine event invites.
- GRAPELOADER uses stealthier tactics than previous malware, including anti-analysis upgrades.
- Malware executes hidden code via DLL side-loading in a PowerPoint file.
Cybersecurity researchers have uncovered a new wave of phishing attacks carried out by the Russian-linked hacking group APT29, also known as Cozy Bear. The campaign, flagged by Check Point, targets European diplomats by tricking them with fake invitations to diplomatic wine tasting events.
The investigation found that attackers posed as a European Ministry of Foreign Affairs and emailed diplomats invitations that appeared official. The emails contained links that, when clicked, led to the download of malware hidden in a file named wine.zip.
This file installs a new tool called GRAPELOADER, which allows the attackers to gain a foothold in the victim’s computer. GRAPELOADER gathers system information, establishes a backdoor for further commands, and ensures the malware stays on the device even after a restart.
“GRAPELOADER refines WINELOADER’s anti-analysis techniques while introducing more advanced stealth methods,” the researchers noted. The campaign also uses a newer version of WINELOADER, a backdoor known from previous APT29 attacks, which is likely used in the later stages.
The phishing emails were sent from domains impersonating real ministry officials. If the link in the email failed to trick the target, follow-up emails were sent to try again. In some cases, clicking the link redirected users to the actual Ministry website to avoid suspicion.
The infection process uses a legitimate PowerPoint file to run hidden code using a method called “DLL side-loading.” The malware then copies itself to a hidden folder, changes system settings to launch automatically, and connects to a remote server every minute to wait for further instructions.
The attackers went to great lengths to stay hidden. GRAPELOADER uses complex techniques to scramble its code, erase its tracks, and avoid detection by security software. These methods make it harder for analysts to break down and study the malware.
This campaign shows that APT29 continues to evolve its tactics, using creative and deceptive strategies to spy on government targets across Europe.
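The once-a-minute check-in described above leaves a regular timing pattern that defenders can look for in proxy or DNS logs. The following is an added example, not code from the article or from Check Point: the log format, host names, and thresholds are constructed assumptions used to show how fixed-interval connections can be separated from ordinary browsing.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed proxy-log sample: "<UTC timestamp> <source host> <destination>".
SAMPLE_LOG = """\
2025-04-15T09:00:02Z ws-014 beacon-dest.example
2025-04-15T09:00:10Z ws-014 intranet.example
2025-04-15T09:00:12Z ws-014 intranet.example
2025-04-15T09:01:03Z ws-014 beacon-dest.example
2025-04-15T09:02:01Z ws-014 beacon-dest.example
2025-04-15T09:03:02Z ws-014 beacon-dest.example
2025-04-15T09:03:40Z ws-014 intranet.example
2025-04-15T09:04:01Z ws-014 intranet.example
2025-04-15T09:04:04Z ws-014 beacon-dest.example
2025-04-15T09:05:02Z ws-014 beacon-dest.example
2025-04-15T09:09:30Z ws-014 intranet.example
"""

def group_requests(log):
    """Return {(source, destination): [epoch seconds, ...]} from log text."""
    groups = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, src, dst = line.split()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        groups[(src, dst)].append(when.replace(tzinfo=timezone.utc).timestamp())
    return groups

def find_beacons(log, period=60.0, tolerance=5.0, max_jitter=3.0, min_events=5):
    """Flag source/destination pairs whose request gaps cluster around `period`.

    The thresholds are illustrative assumptions, not values from the report.
    """
    hits = []
    for (src, dst), times in sorted(group_requests(log).items()):
        if len(times) < min_events:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        if abs(avg - period) <= tolerance and jitter <= max_jitter:
            hits.append((src, dst, round(avg, 1), round(jitter, 1)))
    return hits

if __name__ == "__main__":
    for src, dst, avg, jitter in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: mean gap {avg}s, jitter {jitter}s")
```

Legitimate updaters and telemetry agents also poll on fixed schedules, so a hit is a lead for triage against destination reputation and process context rather than a verdict.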