There has been a rise in the use of sponsored ads on platforms like Google and Instagram for malicious purposes, such as phishing or spreading malware.

Now, this scheme has extended to target users of Semrush, a widely used SEO and market research platform. With Semrush serving over 40% of Fortune 500 companies and 117,000 paying customers, it’s no surprise that it has become a prime target for fraudsters.

How the Scam Works

Semrush Malicious Ads (Source: MalwareBytes)

Recently, a wave of fraudulent Google Ads was found impersonating Semrush to steal Google account credentials. These malicious ads redirected users to fake login pages that look like legitimate Semrush portals, where only the “Log in with Google” option was available.

Semrush Google Login (Source: MalwareBytes)
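
One way a defender could flag hostnames that imitate the brand in DNS or proxy logs (doubled letters, inserted hyphens, or the brand name on an unofficial domain) is sketched below. This is an added example, not code from the original article; the sample hostnames are constructed, and treating `semrush.com` as the only legitimate domain is an assumption.

```python
import re

BRAND = "semrush"
OFFICIAL = "semrush.com"  # assumption: the brand's only legitimate domain

def refang(host: str) -> str:
    """Lowercase a hostname and undo '[.]' defanging."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def squash(label: str) -> str:
    """Drop non-letters, then collapse repeated letters: 'sem-rrush' -> 'semrush'."""
    letters = re.sub(r"[^a-z]", "", label)
    return re.sub(r"(.)\1+", r"\1", letters)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for one hostname."""
    host = refang(host)
    # Require a dot before the official domain so 'evilsemrush.com' does not pass.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    for label in host.split("."):
        s = squash(label)
        # Brand inside the label, or within one edit of it (e.g. 'senrush').
        if BRAND in s or edit_distance(s, BRAND) <= 1:
            return "lookalike"
    return "unrelated"

def scan(hosts):
    """Return the refanged hostnames that deserve an analyst's review."""
    return [refang(h) for h in hosts if classify(h) == "lookalike"]

# Constructed sample input (not taken from the article).
SAMPLE_HOSTS = ["www.semrush.com", "sem-rrush.example", "auth.seemrush[.]example",
                "semrush.com.login.example", "senrush.example", "docs.python.org"]

if __name__ == "__main__":
    for h in scan(SAMPLE_HOSTS):
        print("review:", h)
```

Hits are leads for review rather than verdicts, since a legitimate third-party hostname can also contain the brand name.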

Impact

Once attackers acquire Google credentials, they can access key data from Google Analytics (GA) and Google Search Console (GSC). These tools are essential for businesses, offering detailed insights into website performance, traffic, and e-commerce metrics like transaction volume and revenue.

Using these compromised Google accounts, criminals gain access to valuable business data, including financial performance and customer behaviour, without ever needing direct access to Semrush.

The implications of this extend beyond credential theft. Semrush accounts contain sensitive information, such as names, addresses, and even partial credit card details, which can be used by attackers to carry out financial fraud. Moreover, a cybercriminal could impersonate Semrush support, referencing a fake billing issue to trick victims into providing complete credit card details.

Conclusion

Brand impersonation is a popular social engineering tactic for cyber criminals seeking access to valuable data. Over the past six months, fraudsters have increasingly turned to sponsored ads on Google and Instagram to promote phishing sites or spread malware. To prevent this, platforms must implement stricter standards and verification processes for sponsored ads.

IOC


Source: hxxps[://]www[.]malwarebytes[.]com/blog/news/2025/03/semrush-impersonation-scam-hits-google-ads
