Security & Infrastructure Tools

1Campaign platform helps malicious Google ads evade detection

A new cybercrime tool called 1Campaign lets attackers run malicious Google ads that pass the platform’s automated checks and stay online for long periods while hiding from security scanners. The cloaking service filters visitors in real time—only showing phishing or crypto‑drainer pages to genuine users, blocking traffic from cloud providers, VPNs, and other suspicious sources—and allows operators to target specific regions, ISPs, and device types. By manipulating browser fingerprints and routing through a diverse IP pool, the platform evades static URL scanning and can impersonate legitimate brands in ads, making it difficult for security researchers to detect and stop these malicious campaigns.

TechLogHub

February 25, 2026

Keep Reading

Security & Infrastructure ToolsJun 8, 2026

Reducing security operations complexity with Wazuh Cloud

The article explains how Wazuh Cloud reduces security operations complexity by offering a fully managed, cloud-native SIEM/XDR. It highlights modern SOC challenges—extended onboarding, ongoing maintenance, high alert volumes, scaling constraints, inflexible licensing, and reactive support—across hybrid environments. It then shows how Wazuh Cloud addresses these issues with rapid time-to-value, zero-maintenance backend, an AI-powered Security Analyst, automatic scalability, flexible tiering, and proactive support. The piece describes the agent-server architecture, indexing and data pipeline, the detection engine, and the AI analyst layer, and concludes that Wazuh Cloud lowers MTTD/MTTR, reduces costs, and improves visibility, with an invitation to start a free trial.

Check Point links VPN zero-day attacks to Qilin ransomware gang

Security & Infrastructure Tools

More from the Blog

View all

Security & Infrastructure Tools

Microsoft Adds Copilot Data Controls to All Storage Locations

Microsoft is expanding its data‑loss prevention controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel and PowerPoint documents regardless of where they are stored—whether on local devices or in SharePoint/OneDrive. The update will be deployed through the Augmentation Loop (AugLoop) Office component between late March and late April 2026, automatically enabling the restriction for organizations that already have DLP policies set to block Copilot from handling sensitivity‑labeled content. This change follows a bug that had allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections.

Feb 25, 2026

Security & Infrastructure Tools

Previously harmless Google API keys now expose Gemini AI data

Stay Updated

Get the next deep dive in your inbox

Subscribe for product analysis, engineering explainers, and practical guides published on TechLogHub.

Stay Updated

Get weekly insights, product updates, and launches straight to your inbox.

The cyber‑crime community has uncovered a new tool called 1Campaign that allows attackers to launch malicious Google ads and keep them running for months without detection by security researchers or automated scanners.

This cloaking service passes Google’s automated screening process and serves benign white pages to bots, while showing phishing and crypto‑drainer content only to real potential victims. The platform is operated by a developer who uses the pseudonym “DuppyMeister” according to data‑security firm Varonis. 1Campaign has been active for at least three years.

A key feature of 1Campaign is its real‑time visitor filtering. It can redirect traffic to specific landing pages based on geographic location, ISP, device characteristics, and other criteria. In one observation, the system blocked 99.4 % of visitors from a sample set of 1,676 users, leaving only about ten genuine victims.

The platform assigns each visitor a fraud risk score between 0 and 100 by evaluating infrastructure details such as cloud providers, VPNs, and security vendors. Visitors coming from major cloud services—Microsoft, Google, Tencent Cloud, OVH Hosting, among others—receive high fraud scores and are automatically blocked.

Varonis reports that traffic associated with 1Campaign originates from the United States, Canada, the Netherlands, China, Germany, France, Japan, Hungary, and Albania. The tool also includes a Google Ads launcher that helps operators bypass Google’s policy limitations and impersonate legitimate brands in ads.

Despite Google’s numerous safeguards, its ad platform remains vulnerable to fraud, malware, and crypto‑drainer campaigns. 1Campaign stands out because it is specifically designed to launch malicious ads that pass automated inspection and can survive until victims report them or the campaign is manually flagged.

The cloaking system makes static URL scanning ineffective; realistic browser fingerprints and human‑like interaction patterns are required for better detection. Varonis recommends rotating IP pools and user‑agent configurations to avoid consistent fingerprinting.

Users should remain cautious of promoted search results, double‑check URLs before entering sensitive information, and prefer official distribution channels when accessing software or services.

}}

1Campaign platform helps malicious Google ads evade detection

Related Posts

Reducing security operations complexity with Wazuh Cloud

More from the Blog

Microsoft Adds Copilot Data Controls to All Storage Locations

Previously harmless Google API keys now expose Gemini AI data

Get the next deep dive in your inbox

Stay Updated

Check Point links VPN zero-day attacks to Qilin ransomware gang

Oxford University discloses data breach after careers platform hack

Microsoft says bug in classic Outlook hides the mouse pointer

Product

Learn

Company

Legal

Stay Updated

Browse by Category

Stay Updated