A disinformation campaign is exploiting Microsoft Azure and OVH cloud services, along with Google search, to spread malware. Android users receive Google notifications regarding topics they’ve previously searched for, which direct them to fake news stories about public figures.

Some of these stories involve Harry Connick Jr., whose search results have been polluted by suspicious domains hosted on cloud services. When users click on these notifications, they encounter sensationalized articles spreading unfounded rumors, such as Connick Jr. suffering a stroke. These claims lack support from credible news sources but gain traction through repeated exposure.

BleepingComputer’s investigation revealed that this disinformation campaign uses similar tactics to target multiple celebrities, including Bill Paxton, Carol Burnett, and Eminem. The articles appear as infotainment but have a more sinister purpose. When ad blockers are disabled, these sites redirect visitors through multiple pages, eventually leading them to malware, spam, and fraudulent software. The sophistication of the scheme suggests it is orchestrated by skilled cybercriminals exploiting both technology and human psychology.

One example is a link on a Microsoft Azure domain that redirects users to a dubious site urging them to install a fake ad blocker extension. Some of the URLs identified as part of this campaign include:

  • hxxps://celebradar.blob.core.windows[.]net/celebnetwork15/harry-connick-junior-stroke.html
  • hxxps://applebulletin.blob.core.windows[.]net/bergenews5/is-randy-travis-dead.html
  • hxxps://globalinternationalnews.blob.core.windows[.]net/globalinternationalnews3/harry-connick-jr-stroke.html
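
For defenders who want to check web proxy logs against these indicators, the following is an added example, not code from BleepingComputer or the original article. It refangs the storage-account hosts from the URLs listed above and flags matching requests; the log format, the sample lines, and the secondary "HTML page served from a blob container" heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Storage-account hosts from the URLs listed above, kept defanged in source.
CAMPAIGN_HOSTS_DEFANGED = [
    "celebradar.blob.core.windows[.]net",
    "applebulletin.blob.core.windows[.]net",
    "globalinternationalnews.blob.core.windows[.]net",
]
BLOB_SUFFIX = ".blob.core.windows.net"

def refang(indicator):
    """Convert a defanged indicator (hxxp, [.]) into a form that can be parsed."""
    text = indicator.strip().replace("[.]", ".")
    return re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)

KNOWN_HOSTS = {refang(h).lower() for h in CAMPAIGN_HOSTS_DEFANGED}

def classify(url):
    """Return (verdict, host); verdict is None when nothing matches."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    if host in KNOWN_HOSTS:
        return "known-campaign-host", host
    # Assumed heuristic: an HTML document served directly out of a blob
    # container (/<container>/<page>.html). Low confidence, triage only.
    segments = [s for s in parts.path.split("/") if s]
    is_html = bool(segments) and segments[-1].lower().endswith((".html", ".htm"))
    if host.endswith(BLOB_SUFFIX) and len(segments) >= 2 and is_html:
        return "blob-hosted-html", host
    return None, host

def hunt(log_lines):
    """Scan 'timestamp client url' lines and return (client, verdict, host) hits."""
    hits = []
    for line in log_lines:
        _ts, client, url = line.split(maxsplit=2)
        verdict, host = classify(url)
        if verdict:
            hits.append((client, verdict, host))
    return hits

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 hxxps://celebradar.blob.core.windows[.]net/constructed-container/page.html",
    "2024-01-01T10:00:02Z 10.0.0.7 https://exampleaccount.blob.core.windows.net/assets/logo.png",
    "2024-01-01T10:00:04Z 10.0.0.7 https://exampleaccount.blob.core.windows.net/site1/story.html",
    "2024-01-01T10:00:09Z 10.0.0.9 https://www.example.com/index.html",
]
```

A `known-campaign-host` hit matches an indicator from the list, while `blob-hosted-html` only marks a request worth a closer look, since legitimate content is also served from blob storage.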

Readers are strongly advised to avoid search results from unfamiliar domains, especially when they make bold, unverified claims about public figures. Refraining from clicking on these links is crucial, as they often lead to malware or other harmful content.