Listen to this Post
Introduction:
A large-scale cyber offensive dubbed “Pushpaganda” is weaponizing Google’s Discovery feed—the personalized content stream on Android home screens and Chrome’s new tab pages—to deliver malicious notifications and scams. Threat actors have deployed over 113 fake domains populated with AI-written articles and clickbait headlines, exploiting advanced SEO tactics and possible paid placements to inject deceptive stories directly into users’ trusted content streams. This convergence of generative AI, search engine poisoning, and mobile notification abuse represents a new frontier in mass-scale social engineering.
Learning Objectives:
- Understand how attackers abuse Google Discover and AI-generated content to distribute malicious alerts.
- Identify technical indicators of fake domains and AI-crafted clickbait used in Pushpaganda campaigns.
- Implement defensive measures including browser hardening, DNS filtering, and user awareness training against AI-driven scams.
You Should Know:
- Analyzing the Pushpaganda Attack Chain: From AI-Generated Articles to Malicious Notifications
The attack begins with threat actors registering numerous domain names (113+ in this campaign) that mimic legitimate news or tech outlets. Using large language models, they generate hundreds of SEO-optimized articles containing sensational headlines and embedded malicious links or notification subscription triggers. These domains are then promoted via black-hat SEO techniques—including backlink farming and click-through rate manipulation—to appear in Google Discover’s algorithmic feed. Once a user clicks an article, they may be prompted to “allow notifications,” which then delivers fake security alerts, system warnings, or prize scams directly to the device’s notification shade.
Step‑by‑step guide to investigate suspicious domains:
Linux / macOS Commands:
Extract all domains from a suspect URL list cat suspicious_urls.txt | cut -d '/' -f3 | sort -u Perform bulk WHOIS lookups for domain in $(cat domains.txt); do whois $domain | grep -E "Creation Date|Registrar|Name Server"; done Check DNS records for fast-flux or malicious patterns dig +short A $domain dig +short TXT $domain Identify domains with recently created AI-generated content using curl and grep curl -s "http://$domain" | grep -iE "chatgpt|generated by ai|content crafted by"
Windows PowerShell:
Resolve domains and check DNS Resolve-DnsName -Name $domain -Type A Resolve-DnsName -Name $domain -Type TXT Download and scan for AI content signatures Invoke-WebRequest -Uri "http://$domain" -UseBasicParsing | Select-Object -ExpandProperty Content | Select-String -Pattern "AI-generated|synthetic content"
2. Detecting AI-Generated Malicious Content in the Wild
Generative AI leaves subtle statistical and stylistic fingerprints. While threat actors can produce plausible text, automated detectors (e.g., GPTZero, Originality.ai) combined with rule-based heuristics can flag anomalies. Common indicators include: lack of original sources, repetitive phrasing, unnatural transitions, and excessive use of hype terms (“urgent,” “your account will be locked”). For blue teams, deploying a content inspection proxy that scores incoming feeds for AI-likelihood can block malicious Discover entries.
Step‑by‑step guide for building a lightweight detection script:
Python example using `transformers` for perplexity scoring (Linux/macOS/WSL):
from transformers import GPT2LMHeadModel, GPT2Tokenizer
import torch
tokenizer = GPT2Tokenizer.from_pretrained("gpt2")
model = GPT2LMHeadModel.from_pretrained("gpt2")
def detect_ai_text(text, threshold=100):
inputs = tokenizer(text, return_tensors="pt")
with torch.no_grad():
outputs = model(inputs, labels=inputs["input_ids"])
loss = outputs.loss
perplexity = torch.exp(loss)
print(f"Perplexity: {perplexity.item()}")
return perplexity.item() < threshold Lower perplexity often indicates AI
sample_alert = "Your Google account has been compromised! Click immediately to verify."
if detect_ai_text(sample_alert):
print("[!] Potential AI-generated scam detected")
Linux one-liner to scan downloaded articles:
find /path/to/cached_pages -name ".html" -exec grep -lE "unusual|click here|verify now|security alert" {} \;
3. Mitigating Malicious Notifications on Android and Chrome
Once a user clicks “Allow” on a malicious notification prompt, the attacker gains persistent access to push messaging. Removing these requires revoking notification permissions at the browser level and scanning for installed service workers. Attackers also use Web Push API to bypass traditional ad-blockers.
Step‑by‑step guide for users and administrators:
Android (Chrome):
- Open Chrome → tap three dots → Settings → Notifications.
- Under “Sites,” look for any unfamiliar or suspicious URLs.
- Tap the site → select “Block” or “Remove.”
- Alternatively, go to Settings → Apps → Chrome → Notifications → turn off “Allow notification dots” and review all allowed sites.
Windows / macOS (Chrome):
Navigate to chrome://settings/content/notifications Remove any entries matching suspicious domains (e.g., fake-news-site[.]xyz)
Revoke service workers (persistent push subscriptions):
- In Chrome, go to `chrome://serviceworker-internals/` and unregister any worker associated with a malicious domain.
- For enterprise environments, use Group Policy (Windows) or `managed` preferences (macOS) to block notification prompts entirely for non-allowlisted domains.
Command-line removal for Chromium-based browsers (Linux):
Clear notification permissions database sqlite3 ~/.config/google-chrome/Default/Preferences "DELETE FROM notification_permissions WHERE origin LIKE '%malicious-domain%';"
- Hardening Google Discover Feeds and SEO Poisoning Defenses
Organizations can reduce risk by controlling what content reaches users’ devices. For Android Enterprise, administrators can disable the Google Discover feed via managed configurations. Home users can switch to alternative launchers that do not integrate Discover or use DNS filtering to block the 113+ fake domains associated with Pushpaganda.
Step‑by‑step guide:
Block domains via /etc/hosts (Linux/macOS) or C:\Windows\System32\drivers\etc\hosts (Windows):
Add lines for each malicious domain (obtain from threat intel feeds) 127.0.0.1 fake-news-site[.]xyz 127.0.0.1 alerts-security-update[.]com
Use Pi-hole or AdGuard Home for network-wide blocking:
On Pi-hole, add a blacklist file echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts" | tee -a /etc/pihole/adlists.list pihole updateGravity
For Chrome Enterprise, deploy extension force-install of uBlock Origin with custom filter:
||google.com/discover?=&article$document ||.xyz^$script,third-party
- Incident Response for Users Exposed to Pushpaganda Scams
If a user has already clicked a malicious notification and entered credentials or downloaded a payload, immediate containment is required. Attackers often combine notifications with credential harvesting or banking trojans.
Step‑by‑step IR workflow:
- Disconnect device from network (enable airplane mode or unplug Ethernet).
- Revoke notification permissions as described in section 3.
- Scan for malware using Windows Defender offline or ClamAV (Linux).
Windows: Run offline scan Start-MpWDOScan
Linux: Update and scan sudo freshclam sudo clamscan -r --remove /home/user/Downloads
- Check for new browser extensions (chrome://extensions) and remove unknown ones.
- Reset browser settings to default to clear any SEO-redirects.
- Change any passwords that may have been entered on phishing pages. Enforce MFA.
- Monitor outgoing traffic for connections to the 113+ domains using netstat or Sysmon.
netstat -tunap | grep -E "(443|80)" | grep -v "127.0.0"
6. Training and Awareness Against AI-Generated Threats
Traditional phishing training fails against AI-crafted content that mimics legitimate news. Security awareness programs must evolve to include detection of AI artifacts, understanding of notification permission abuse, and skepticism toward “too urgent” alerts.
Recommended training module outline:
- Lab 1: Show examples of real vs. AI-generated news articles. Ask users to identify telltale signs (lack of byline, generic images, repetitive structure).
- Lab 2: Simulate a malicious notification prompt on test devices. Teach users to always check the URL before clicking “Allow.”
- Lab 3: Use free tools like `Originality.ai` to verify suspicious text in emails or feeds.
- Policy update: Mandate that any security alert delivered via browser notification must be verified through official channels (e.g., corporate email or internal portal).
What Undercode Say:
- Generative AI lowers the barrier for mass‑scale social engineering. Attackers can now produce thousands of unique, plausible scam articles at near-zero cost, making signature-based detection obsolete.
- Google Discover’s algorithm is weaponizable. Any feed that relies on engagement metrics can be poisoned with black-hat SEO—platforms must integrate content authenticity scoring (e.g., watermarking AI text).
- User notification permissions are the new phishing vector. The simple act of clicking “Allow” has become as dangerous as opening a malicious attachment. Enterprises should disable browser notifications by default via GPO or MDM.
- Defense requires hybrid AI detection + traditional blocking. Combining perplexity scoring, DNS filtering, and user training creates layered protection against this emerging threat.
Prediction:
Within 12 months, we will see the first major data breach attributed entirely to AI-generated feed poisoning. Attackers will automate domain registration and article generation at scale (thousands of domains per day), forcing search engines to implement real-time AI content detection. Regulatory bodies may mandate that any algorithmically promoted content must carry a machine-readable “synthetic” label. Organizations that fail to update their security awareness programs—specifically regarding browser notification risks—will experience a surge in successful compromises. Meanwhile, defenders will adopt small language models (SLMs) running locally to score every incoming feed item for generative fingerprints, creating an arms race between AI-generated scams and AI-powered detection.
▶️ Related Video (90% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Mayura Kathiresh – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
