Malvertising Campaign Delivers Millions of Bad Ads
By using the HiBids advertising platform, cyber-criminals have been delivering malicious advertisements to millions of victims worldwide in a large-scale malvertising and banking Trojan campaign, according to researchers at Check Point.
These malicious ads can infect the PC or mobile device of the person viewing the ads with malware, such as a crypto-miner, ransomware or a banking Trojan. Master134, the criminal reported to be responsible for the campaign, redirected stolen traffic from over 10,000 hacked WordPress sites, then sold it to Adsterra, the real-time bidding (RTB) ad platform, according to today’s blog post.
From there, Adsterra sold the traffic to advertising resellers, including ExoClick, AdKernel, EvoLeads and AdventureFeeds, which passed it on to the highest-bidding ‘advertiser.’ “Our discovery revealed an alarming partnership between a threat actor disguised as a Publisher and several legitimate Resellers that leverage this relationship to distribute a variety of malware including Banking Trojans, ransomware and bots,” researchers wrote.
The key to the campaign's success was that the advertisers were seemingly legitimate companies; however, they were actually criminals looking to distribute ransomware, banking Trojans, bots and other malware, which is how the infected ads – not legitimate ads – appeared on thousands of publishers’ websites worldwide.
During this campaign, which is still active, Check Point reportedly saw 40,000 clicks per week on these malicious ads. Cyber-criminals, who measure the return on investment of their ad spend by comparing it to the money they make from crypto-mining and ransom, are compromising the legitimate business of online advertising, exploiting it to display malware-infected ads.
Recognizing that threat actors will always search for new ways to spread their attack campaigns, researchers anticipate seeing more of these types of attacks, though the involvement of seemingly legitimate online advertising companies is of great concern. “We can’t help but wonder – is the online advertising industry responsible for the public’s safety? Indeed, how can we be certain that the advertisement we encounter while visiting legitimate websites are not meant to harm us?” the researchers wrote.
Source: infosecurity-magazine
Latest Jobs
-
- Contract SailPoint Programme Manager - UK 12 month+ project
- United Kingdom
- N/A
-
Programme manager with SailPoint IdentityIQ IAM experience is needed for a 12 month rolling contract. To engage and manage a enterprise client programme of work focused around SailPoint. This is a hybrid role, some limited travel to London / Reading maybe required. You must have enterprise level programme management, a focused and recent history within Identity and Sailpoint project experience. Exclusive project, interview immediately.
-
- Outside IR 35 contract- Threat & vulnerability analyst - SC CLEARED UK REMOTE
- N/A
- £550
-
6 month rolling contract Outside IR35- immediate start. Threat and Vulnerability Analyst. Tenable.sc experience needed. The ability to deploy agent, configure environments, run active and passive scans, produce reports and prioritise remediation activities based on output Current and ACTIVE clearance is required
-
- Chief Information Security Officer- CISO. London
- London
- N/A
-
Chief Information Security Officer (CISO) is needed to join a senior leadership team that is driving change across a London based FTSE business. You will have responsibility and accountability to define and execute an information & Cyber Security strategy. To be successful you should have the following experience; Experience defining, presenting and executing against your information AND cyber security strategy. Experience delivering / managing functions across information security GRC / Audit and technical Cyber Security capabilities. Senior stakeholder management to the executive committee. Embedding Info / cyber security within a Cloud focused environment. Further develop, expand and mature the information / cyber security function | team. Be able to regularly commute to London Financial services experience is desirable. If this sounds like an opportunity you are interested in then please use the below form to schedule a call. This is an exclusive project to DCL Search. All conversations are kept in confidence.
-
- IAM Business Analyst- ForgeRock
- European Union
- £500 per day
-
IAM Business Analyst with ForgeRock experience is need for a 12 months contract The client is in the middle of a large scale ForgeRock deployment and the BA will sit between the technical teams and the business helping to ensure the project is a success You will need to be a strong business communicator and have experience of mapping business needs against ForgeRock features This will be a remote project dealing with teams in different geographies, you must have strong English communications skills and be happy working remotely and able to be proactive to ensure your side of the project is a success