CYBERSECURITY researchers have uncovered a new ad fraud scheme, named Pushpaganda by HUMAN's Satori Threat Intelligence and Research Team, that uses AI-generated content and search engine poisoning to push deceptive news into Google's Discover feed and coax users into enabling persistent browser notifications for scareware and fraud.
At its peak the operation generated around 2 billion bid requests a day and may have operated on as many as 40 million devices worldwide, with about 240 million bid requests linked to 113 domains over a seven‑day period. The campaign targeted Android and Chrome users, initially appearing in India and then expanding to the U.S., Australia, Canada, South Africa, and the U.K., where it aims to hijack discovery surfaces to drive traffic to actor-controlled domains.
Users who clicked on scareware notifications were redirected to sites that displayed AI-generated content and prompted further interactions, delivering ads and enabling illicit revenue through ad fraud. The findings also reference a separate 2025 disclosure about a threat actor known as Vane Viper abusing push notifications for ClickFix-style social engineering, underscoring that monetisation infrastructure can outlive individual campaigns. Google has since rolled out a fix to address the spam issue, according to HUMAN.