Security researchers have uncovered a major malware advertising campaign that ran undetected for several weeks on a number of online ad networks potentially affecting millions of users’ systems.
Malwarebytes, which discovered the campaign, said it used a number of advanced tricks to avoid detection, with unusual care taken by those behind it to pose as legitimate advertisers.
Users who encountered the malicious ads were linked to a widely used exploit kit called Angler which attempted to carry out fraud schemes or install ransomware on the system. Ransomware typically encrypts a system and then demands payment to unlock the data.
The campaign ran on major websites including eBay UK, The Drudge Report and TalkTalk, and advertising networks including DoubleClick’s EMEA network, Malwarebytes said. DoubleClick did not immediately respond to a request for comment.
The attackers took an unusual degree of care in concealing themselves, refraining from implanting malware in the ads themselves and making use of web addresses that had been registered for years, some of which were even registered with the Better Business Bureau. They submitted their ads through standard ad bidding schemes.
“This decoy worked well enough to fool many ad networks with direct ties to the major ones in the online ad industry,” Malwarebytes wrote. “The ads themselves were not booby trapped at all, which again made it more difficult to spot something suspicious.”
The attackers used encrypted traffic and URL shorteners, amongst other means, to conceal the fact that traffic was being redirected to malicious servers, the firm said.
The company argued that such schemes are continuing to be successful in part because advertisers are allowed to serve their content from their own systems, giving them complete control over the ad-serving process and thus a direct link to those viewing the ads.
“The ad could be clean or booby trapped, but the rogue actors are in full control of the delivery platform and can instruct it to perform nefarious actions that will easily bypass most security checks,” the firm said
Malwarebytes said the numerous attacks using major websites and ad networks that have been reported in recent weeks are only the “tip of the iceberg”.
“There are some campaigns that are so advanced that no one will ever see or hear about them,” the firm stated.
Are you a security pro? Try our quiz!
Rights group argues ChatGPT tendency to generate false information on individuals violates GDPR data protection…
European Commission says Apple's iPadOS is 'gatekeeper' due to large number of businesses 'locked in'…
As the cloud continues to be an essential asset for all businesses, developing and maintaining…
Internatinal conference in Vienna calls for controls on AI-powered autonomous weapons to ensure humans remain…
Major Taiwan chip assembly and test firm KYEC to sell Jiangsu subsidiary, exit mainland China…
As deepfake technology continues to blur the lines between reality and deception, businesses and individuals…