Google Discover scam turns AI into bait

Google’s Discover feed has become the latest battleground in the cybercrime economy after researchers uncovered a large-scale operation that used AI-written articles, fake news hooks and misleading browser prompts to push scam alerts to users’ phones and computers. The campaign, dubbed Pushpaganda, relied on more than 100 bogus domains designed to look like ordinary content sites, then turned visitors into targets for persistent scareware, ad fraud and financial scams.

The scheme worked by exploiting a weak point in the way many users consume information on mobile devices. Threat actors created around 113 domains filled with sensational articles and images generated at scale, then used search optimisation and, in some cases, paid placement to push those stories into personalised Google Discover feeds and Chrome surfaces. Once a reader tapped through, the page quickly asked for permission to send notifications. A single press on “Allow” gave the operators a direct channel to deliver alarming messages that mimicked legal warnings, family calls, banking alerts and other urgent notices.

HUMAN Security’s Satori Threat Intelligence and Research Team said the campaign mixed ad fraud, social engineering and scareware rather than relying on classic malware installation. That distinction matters. The operation did not need to break into a device in the traditional sense. Instead, it abused legitimate browser notification features and users’ tendency to clear prompts quickly on small screens. Researchers said the tactic generated invalid traffic from real devices, making the operation more attractive to fraudsters seeking advertising revenue while also exposing victims to broader scams.

At its peak, HUMAN linked roughly 240 million bid requests in a seven-day period to Pushpaganda-associated domains. The campaign was first seen targeting users in India, but researchers said its footprint expanded to markets including the United States, Australia, Canada, South Africa and the United Kingdom. That spread underlines how quickly AI-assisted scam infrastructure can move across borders once the content templates, domain network and monetisation chain are in place.

Google said it had already deployed a fix before learning of HUMAN’s report and confirmed measures were in place to stop low-quality, manipulative material of this kind from appearing in Discover feeds. The company said it uses spam-fighting systems and policies to block content designed to game Search and Discover rankings. Google’s published spam rules state that “scaled content abuse” includes using generative AI to produce large volumes of pages with little value, scraping material from other sources, or creating multiple sites to disguise the industrial scale of the operation.

That policy backdrop is central to why this case stands out. Debate over AI content has often focused on plagiarism, misinformation and the effect on publishers’ traffic. Pushpaganda shows a more direct security consequence: generative tools can lower the cost of building convincing bait at industrial volume, with headlines tailored to local fears, consumer anxieties and political curiosity. Malwarebytes noted that the lures included tax refunds, government payouts, bank deposits and bargain gadgets, all designed to look plausible enough for a quick tap from a Discover card or Chrome suggestion panel.

Once permission was granted, the attack moved into a second phase. Researchers observed notifications carrying fake arrest warrants, sham police notices, false financial alerts and messages implying missed calls from relatives. The click path often sent users to further actor-controlled domains, some of which opened extra tabs in the background and rotated pages to request ads, inflating traffic and impressions without genuine user intent. That meant the same campaign could serve both as a scam delivery system and as an advertising fraud engine.

The broader significance for publishers and platforms is uncomfortable. Discover and similar recommendation surfaces depend on quick visual trust: a thumbnail, a headline and the platform’s implicit endorsement. When attackers can mass-produce content that looks credible enough to win placement, the line between spam, disinformation and cyber fraud becomes thinner. Pushpaganda also arrives after Google tightened its anti-spam posture around scaled content abuse, suggesting that enforcement will have to move as quickly as the tactics it is trying to suppress.