A new type of ad fraud scheme has emerged that uses artificial intelligence (AI) to spread scareware and financial scams through Google Discover. The scheme, dubbed "Pushpaganda" by cybersecurity researchers, targets Android and Chrome users, luring them into enabling persistent browser notifications that lead to malicious websites and ads.
The world of online advertising has long been plagued by scammers and fraudsters who seek to exploit unsuspecting users for their own financial gain. Pushpaganda, which emerged in recent months, is the latest example.
The campaign has been linked to at least 113 domains across the globe. According to cybersecurity researchers Louisa Abel, Vikas Parthasarathy, João Santos, and Adam Sell, "This operation, named for push notifications central to the scheme, generates invalid organic traffic from real mobile devices by tricking users into subscribing to enabling notifications that presented alarming messages."
The threat actors behind the Pushpaganda scheme have been found to use AI-generated content to create convincing news stories that are designed to lure users into clicking on them. Once a user lands on one of the actor-controlled domains, they are coerced into enabling push notifications that deliver fake legal threats and scams. Specifically, the scareware notifications, once clicked, redirect users to additional sites operated by the threat actors, generating organic traffic to ads embedded in those sites and enabling them to generate illicit revenue.
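A defender-side check for the mechanism described above, as an added example that is not from the original article or from HUMAN: it lists the origins a desktop Chrome profile has granted notification permission to, newest grant first, so unexpected grants can be reviewed and revoked. The sample Preferences content, the `.example` hostnames and the function name are constructed for illustration; the key layout and the 1601-based microsecond timestamps are assumed to match what desktop Chrome writes to its profile `Preferences` file.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Chrome stores timestamps as microseconds since 1601-01-01 UTC (assumption noted above).
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ALLOW = 1  # content-setting value for "allow"; 2 means "block"

# Constructed sample of the relevant part of a Preferences file; hostnames are placeholders.
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://breaking-news.example:443,*": {"last_modified": "13380163200000000", "setting": 1},
    "https://mail.example:443,*": {"last_modified": "13348540800000000", "setting": 1},
    "https://blocked.example:443,*": {"last_modified": "13348540800000000", "setting": 2},
}}}}})


def granted_notification_origins(prefs_text, allowlist=frozenset()):
    """Return [(hostname, grant_time)] for origins allowed to send notifications.

    Hosts in `allowlist` (sites the user or organisation expects) are skipped,
    and the remaining grants are sorted newest first for review.
    """
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
               .get("exceptions", {}).get("notifications", {}))
    findings = []
    for pattern, entry in entries.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or default entries cannot deliver notifications
        # Keys look like "<primary origin>,<secondary pattern>"; keep the origin.
        host = urlsplit(pattern.split(",")[0]).hostname
        if host is None or host in allowlist:
            continue
        raw = entry.get("last_modified")
        granted = WEBKIT_EPOCH + timedelta(microseconds=int(raw)) if raw else None
        findings.append((host, granted))
    findings.sort(key=lambda f: f[1] or WEBKIT_EPOCH, reverse=True)
    return findings


if __name__ == "__main__":
    for host, granted in granted_notification_origins(SAMPLE_PREFS, {"mail.example"}):
        print(f"{host}\tgranted {granted:%Y-%m-%d}" if granted else f"{host}\tgranted ?")
```

To audit a real profile, pass the text of its `Preferences` file instead of `SAMPLE_PREFS`; grants the user does not recognise can then be removed in Chrome's site notification settings.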
This approach has proven to be highly effective, with the Pushpaganda campaign generating an astonishing 240 million bid requests over a seven-day period. The threat actors have also expanded their reach beyond India, targeting users in other regions such as the U.S., Australia, Canada, South Africa, and the U.K.
Google has since rolled out a fix to address the spam issue, but the Pushpaganda scheme serves as a stark reminder of the ongoing threat posed by AI-driven ad fraud. As Gavin Reid, chief information security officer at HUMAN, noted, "The entire scheme hinges on the scammers luring unsuspecting users through Google Discover to trick them into visiting misleading news stories filled with AI-generated content." He also warned that "the findings demonstrate how threat actors abuse AI to hijack trusted discovery surfaces and turn them into delivery vehicles for scareware, deepfakes, and financial fraud."
This latest development is part of a broader trend in which threat actors are increasingly using AI to develop new types of malware and scams. In September 2025, Infoblox shed light on a threat actor known as Vane Viper that has engaged in systematic push notification abuse to serve ads and facilitate ClickFix-style social engineering campaigns.
"Malware-based threats involving push notifications, both for web and mobile platforms, aren't a novel threat, especially when you consider the way in which they create a sense of urgency," Lindsay Kaye, vice president of threat intelligence at HUMAN Security, told The Hacker News. "In many cases, users are quick to click, either to make them go away or to get more information, making them an effective tool in a malware author's arsenal."
The disclosure also comes a little over a month after HUMAN identified a collection of more than 3,000 domains and 63 Android apps that it said constituted one of the largest ad fraud laundering marketplaces ever uncovered. Dubbed Low5 for its use of HTML5-based game and news sites, the operation has been found to monetize the domains as cashout sites for sophisticated fraud schemes, including BADBOX 2.0.
"The operation peaked at roughly 2 billion bid requests a day and may have operated on as many as 40 million devices worldwide," HUMAN said. "Apps associated with Low5 include code that instructs user devices to visit one of the domains connected with the scheme and click on ads found there." A shared monetization layer spanning more than 3,000 domains allows multiple threat actors to plug into the same infrastructure, creating a distributed laundering system that increases threat resilience, complicates attribution, and enables rapid replication.
"A key takeaway from this research is that monetization infrastructure can survive even after a specific fraud campaign is shut down," HUMAN added. "If one malicious app or device network is removed, the same cashout domains can still be reused by other actors. Low5 reinforces the need for continuous, aggressive threat intelligence and detection expertise to hunt down cashout domains and flag them pre-bid."
As users continue to rely on online advertising and social media platforms, it is essential that they remain vigilant and take steps to protect themselves from falling victim to these types of scams.