Categories: SecurityWorkspace

‘Taurus’ Malicious Ad Campaign Puts Data At Risk

A new malicious advertising campaign is being used to spread data-stealing malware including Smoke Loader and Taurus Project, security researchers have said.

Researchers at Malwarebytes said they first noticed the campaign being used to spread Smoke Loader and other malware beginning in late August.

In the past few days the “large” campaign grew to include Taurus Project, said Malwarebytes’ threat intelligence team in an advisory.

Taurus Project is a relatively new malware strain that appeared only in the spring of this year.


It was previously spread via malicious bulk emails, targeting users in the United States.

The new malvertising campaign makes Taurus more dangerous, since it can be installed on vulnerable systems that merely view a malicious ad.

The ads are being displayed on adult sites and target mostly visitors from the US, but also Australia and the UK, Malwarebytes said.

The malicious ads use the Fallout exploit kit, a popular drive-by hacking toolkit, which tries to install Taurus via vulnerable versions of Internet Explorer or Adobe Flash Player.

Taurus was originally based on another data-stealing malware tool called “Predator the Thief”.

It has many of the same capabilities as Predator, including the ability to steal login credentials from browsers, FTP, VPN and email clients and cryptocurrency wallets.

Because of the similarities, many security tools detect Taurus as Predator the Thief, Malwarebytes said.

Data theft

Both tools scrape the system for data to steal, then exfiltrate it before loading additional attack tools, such as SystemBC and QBot.

Malwarebytes said it’s becoming increasingly common for malware to combine data theft and the ability to load further malware.

“Stealers are a popular malware payload these days and some families have diversified to become more than plain stealers, not only in terms of advanced features but also as loaders for additional malware,” researchers said.

“Even though the threat actors behind Predator the Thief have appeared to have handed over a fork of their original creation and disappeared, the market for stealers is still very strong.”

Users can protect against drive-by hacking toolkits by keeping their systems up-to-date, since such tools generally rely on known security vulnerabilities that haven’t yet been patched.

Security experts say hacking activity has risen this year, as attackers seek to steal data from staff working from home due to the pandemic.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

2 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

2 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago