Researchers spotted a video malvertising campaign that they say has been running as a VPAID video ad on the LiveRail platform since early September.
The payload of the attack, dubbed BrtMedia, has four main components that will ultimately loop through all ad formats on a webpage and replace them with its own ads while injecting a bogus website on the page to profit from the fake video ads it generates, according to a Nov. 24 Malwarebytes blog post.
The attack has a reach across Europe, the U.S. and Canada and is hitting all major ad platforms, the report said. Researchers said the fact that it was able to stay under the radar for two months using unsophisticated techniques highlights the need for the industry to deal with the threat of video malware.
Researchers said attacks like this are becoming more common because advertisers have switched from the more secure VAST platform to the less secure VPAID platform.