Security researchers have warned that a large-scale malvertising campaign is exposed millions of Internet users around the world to malware.
The warning comes after Facebook last month signed a new partnership deal to tackle malvertising on its site.
According to Websense Security Labs, the latest malvertising campaign exposes potentially up to 50 million web users to some nasty malware.
When a web user tries to browse to websites such as CNN Indonesia, the official website of Prague Airport, Detik, AASTOCKS, RTL Television Croatia, and the Bejewled Blitz game on Facebook, they are potentially exposed to this malware thanks to compromised OpenX scripts. The nasty code is “evasive and stealthy” and leads to the Angler Exploit Kit which exploits an Adobe Flash flaw in order to insert the Bunitu trojan onto the PC.
“Since April we have seen compromised Revive Adserver scripts being used by several highly popular websites,” said the security firm. “Some of these only seem to contain the injected code for 24 hours, whilst others have remained compromised for weeks.”
It seems that the malware can turn the victim’s PC into a zombie machine that can be used maliciously in the future. And it also contacts its C&C so the hackers know which machines are infected and available to them.
The six stages of this malvertising campaign is recon, lure, redirect, exploit kit, dropper, and call home.
Malvertising has grown steadily to become a significant threat to many online organisations over the past few years. That said, other tech firms have followed Facebook’s lead to provide protection for their users.
Earlier this year, security researchers have spotted malware being distributed through malicious advertisements on popular adult website xHamster.
And fashion retailer Hugo Boss has also revealed that some of its adverts had been compromised, with malware appearing on the Huffington Post and several other news sites.
How much do you know about hacking? Take our quiz!
To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…
ByteDance's TikTok is laying off up to 500 employees as it moves to greater use…
In this episode, we uncover why most organisations aren’t ready to harness generative AI. We…
Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…
AMD unveils new AI and data centre chips as it seeks to improve challenge to…
AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform
View Comments
I use PureVPN and i am happy to say that i remained protected from this freak of tech