
‘Taurus’ Malicious Ad Campaign Puts Data At Risk

A new malicious advertising campaign is being used to spread data-stealing malware including Smoke Loader and Taurus Project, security researchers have said.

Researchers at Malwarebytes said they first noticed the campaign being used to spread Smoke Loader and other malware beginning in late August.

In the past few days the “large” campaign grew to include Taurus Project, said Malwarebytes’ threat intelligence team in an advisory.

Taurus Project is a relatively new malware strain that appeared only in the spring of this year.

Malvertising

Taurus was previously spread via malicious bulk emails, targeting users in the United States.

The new malvertising campaign makes Taurus more dangerous, since it can be installed on vulnerable systems that merely view a malicious ad.

The ads are being displayed on adult sites and target mostly visitors from the US, but also Australia and the UK, Malwarebytes said.

The malicious ads use the Fallout exploit kit, a popular drive-by hacking toolkit, which tries to install Taurus via vulnerable versions of Internet Explorer or Adobe Flash Player.

Taurus was originally based on another data-stealing malware tool called “Predator the Thief”.

It has many of the same capabilities as Predator, including the ability to steal login credentials from browsers, FTP, VPN and email clients and cryptocurrency wallets.

Because of the similarities, many security tools detect Taurus as Predator the Thief, Malwarebytes said.

Data theft

Both tools scrape the system for data to steal, then exfiltrate it before loading additional attack tools, such as SystemBC and QBot.

Malwarebytes said it’s becoming increasingly common for malware to combine data theft and the ability to load further malware.

“Stealers are a popular malware payload these days and some families have diversified to become more than plain stealers, not only in terms of advanced features but also as loaders for additional malware,” researchers said.

“Even though the threat actors behind Predator the Thief have appeared to have handed over a fork of their original creation and disappeared, the market for stealers is still very strong.”

Users can protect against drive-by hacking toolkits by keeping their systems up-to-date, since such tools generally rely on known security vulnerabilities that haven’t yet been patched.

Security experts say hacking activity has risen this year, as attackers seek to steal data from staff working from home due to the pandemic.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
