Pushpaganda Scam Hijacks Google Discover Feeds via AI

The digital landscape has encountered a jarring new adversary. Cybersecurity researchers at HUMAN’s Satori Threat Intelligence Team have recently unmasked a sophisticated, AI-enhanced ad fraud and social engineering campaign aptly codenamed the Pushpaganda scam. This operation highlights a profound shift in how threat actors are exploiting trusted digital environments, specifically targeting the personalized content feeds of Android and Chrome users globally.
By blending advanced search engine optimization (SEO) techniques with generative artificial intelligence, the perpetrators behind the Pushpaganda scam have successfully hijacked Google Discover—a platform users rely on for curated, high-quality information. This is not merely an annoyance; it is a meticulously engineered delivery system designed to bypass human skepticism and convert routine digital consumption into a vector for financial loss and psychological manipulation.
The Anatomy of the Pushpaganda Scam
At its core, the Pushpaganda scam is a masterclass in exploiting user trust in familiar interfaces. The campaign operates on a multi-stage funnel designed to maximize user engagement through fear and urgency. The technical sophistication lies in how the attackers automate the production of deceptive content to feed the algorithms that populate Google Discover.
The operational cycle typically follows this path:
- Injection via SEO Poisoning: Threat actors use generative AI to produce large volumes of sensationalist, misleading news articles. These are designed to mimic legitimate journalism. Through aggressive SEO, these articles are injected into Google Discover feeds, often appearing alongside genuine news stories, which lends them a veneer of legitimacy.
- Luring and Coercion: When a user, curious about a sensationalist headline, clicks on the link, they are directed to an actor-controlled domain. The site is designed to immediately prompt the user for permission to send browser notifications. By utilizing psychological pressure—often suggesting that enabling these notifications is required to view the content or bypass an arbitrary restriction—the scammers manipulate the user into agreeing.
- Weaponized Notifications: Once the user has granted permission, the site gains the ability to send persistent, OS-level push notifications directly to the device. These notifications are the “Pushpa” in Pushpaganda. They are weaponized to deliver a relentless stream of “scareware,” including fake system error alerts, fabricated legal threats, or urgent warnings of compromised security.
- Monetization and Fraud: Clicking on these deceptive notifications redirects victims to further malicious domains. These sites may host additional fraudulent advertisements, initiate downloads of malicious software, or attempt to extract sensitive financial information from the user.
The Scale and Reach of the Threat
The magnitude of this operation is staggering, illustrating the efficiency gains afforded to cybercriminals by AI. At the height of the campaign’s intensity, researchers observed approximately 240 million bid requests associated with 113 domains linked to the Pushpaganda scam in a single seven-day period. This volume of traffic allows the attackers to operate with a high degree of automation, effectively turning stolen trust into a massive, scalable revenue stream.
While the operation was first identified targeting users in India, the reach of the threat has rapidly expanded. It is now actively impacting users in the United States, the United Kingdom, Canada, Australia, and South Africa. This rapid geographic expansion serves as a stark reminder that digital security threats, once localized, can achieve global impact in a matter of days when leveraging automated distribution channels like discovery feeds.
Why AI-Driven Discovery Hijacking is a New Era
The emergence of the Pushpaganda scam signals a disturbing transition in the threat landscape. Historically, SEO poisoning required significant effort—curating keywords, building backlink profiles, and managing technical infrastructure manually. Generative AI has lowered this barrier to entry dramatically, allowing attackers to scale content generation and obfuscation techniques far beyond the capabilities of a human-led operation.
More critically, this campaign targets “discovery surfaces.” Unlike traditional search, where a user actively seeks information, discovery feeds (like Google Discover or various news aggregators) are passive environments where users are more likely to let their guard down. By inserting malicious content into these trusted streams, attackers are effectively poisoning the well of information that users consider reliable.
Security leaders warn that this signifies a fundamental shift: threat actors are no longer just breaking into systems; they are hijacking the very tools that define the modern internet experience. When the “trusted” channels used by billions of people are used to facilitate scams, the baseline of digital trust is eroded.
Defending Against the Future of Scareware
The Pushpaganda scam underscores why traditional skepticism—the idea that “if it looks too good to be true, it probably is”—is no longer enough in an age of AI-augmented deception. Security professionals and organizations must rethink their approach to defending discovery surfaces.
While tech giants like Google have already rolled out fixes to address the specific vulnerabilities exploited by this campaign, the underlying tactic—leveraging generative AI to bypass detection and manipulate user behavior—will undoubtedly persist. For users, the following practices are essential:
- Exercise Extreme Caution with Notifications: Treat every request from a website to send push notifications with the same suspicion you would apply to an unsolicited email. Never grant permission to a site you do not implicitly trust.
- Verify the Source: If a news story in your feed appears sensationalist or uses high-pressure language, do not click. Instead, navigate to the news outlet’s official website through a trusted bookmark or by typing the URL directly into your browser.
- Recognize Scareware Tactics: Legitimate system alerts will not arrive via web browser notifications. Any notification claiming your device is infected with a virus, has a legal issue, or requires an “urgent” update should be ignored and the browser tab immediately closed.
- Review Browser Permissions: Regularly audit your browser’s site settings to identify and revoke notification permissions for sites you no longer use or that you suspect may be involved in questionable behavior.
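The permission review in the last item can be scripted. The following is an added example, not code from HUMAN or from the original article: it lists the sites a Chromium-based browser profile allows to send notifications, newest grant first, and filters out origins the user already trusts. It assumes the profile's `Preferences` JSON stores these grants under `profile.content_settings.exceptions.notifications`, with `setting` 1 meaning allow and `last_modified` in microseconds since 1601-01-01; the sample data and domains are constructed.

```python
import json
import sys
from datetime import datetime, timedelta, timezone

ALLOW = 1  # assumed Chromium ContentSetting value: 1 = allow, 2 = block
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample of the notification section of a profile "Preferences" file.
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://mail.example.com:443,*":
            {"last_modified": "13350000000000000", "setting": 1},
        "https://breaking-news.example.net:443,*":
            {"last_modified": "13390000000000000", "setting": 1},
        "https://ads.example.org:443,*":
            {"last_modified": "13389000000000000", "setting": 2},
    }}}}})

def notification_grants(prefs_text):
    """Return (origin, granted_at) for each site allowed to notify, newest first."""
    node = json.loads(prefs_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        node = {}
    grants = []
    for pattern, rule in node.items():
        if not isinstance(rule, dict) or rule.get("setting") != ALLOW:
            continue  # blocked or malformed entries are not grants
        origin = pattern.split(",")[0]  # key is "origin,embedder"; keep the origin
        micros = int(rule.get("last_modified") or 0)
        grants.append((origin, CHROME_EPOCH + timedelta(microseconds=micros)))
    return sorted(grants, key=lambda g: g[1], reverse=True)

def grants_to_review(prefs_text, trusted_origins):
    """Grants whose origin is not on the user's own trusted list."""
    return [g for g in notification_grants(prefs_text)
            if g[0] not in trusted_origins]

if __name__ == "__main__":
    # Pass the path of a Preferences file, or run without arguments for the sample.
    text = (open(sys.argv[1], encoding="utf-8").read()
            if len(sys.argv) > 1 else SAMPLE_PREFS)
    for origin, when in grants_to_review(text, {"https://mail.example.com:443"}):
        print(f"{when:%Y-%m-%d}  {origin}  (not on trusted list: consider revoking)")
```

The script only reads the file; revoke anything it flags through the browser's own site settings rather than by editing `Preferences`.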
The Pushpaganda scam is a clarion call for a more proactive and intelligent approach to threat intelligence. As artificial intelligence continues to lower the cost of deception, the defenders—both platforms and end-users—must evolve equally rapidly. The ability of cybersecurity teams like HUMAN’s Satori to identify and neutralize these threats at the infrastructure level is vital, but the ultimate line of defense remains the informed user who understands that in the digital age, trust must be verified, not assumed.
The “Pushpaganda” moniker is fitting. It is not just about the notifications; it is about the propaganda of the digital era—synthetic, personalized, and designed to deceive at a massive scale. As we navigate this new environment, vigilance is the only currency that will hold its value.
Written by
TempMail Ninja
Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.


