Old domains leveraged in global malvertising campaigns

Malvertising campaigns by the sophisticated threat actor CashRewindo that leverage aged domains have targeted North and South America, Europe, Africa, and Asia, BleepingComputer reports. CashRewindo uses domains that were registered at least two years before having their certificates updated and virtual servers assigned, in an effort to evade detection by security tools, a report from Confiant revealed. Some of the at least 487 domains used by CashRewindo were registered as early as 2008 but have only been used this year. Infected ads that CashRewindo uses to redirect to the malicious domains have been observed to have tonal shifts so as to prevent detection of "strong language" on sites, and to feature a tiny red circle to bypass fraud detection. CashRewindo has also been configuring its scams based on targeted audiences. The U.S. is the 13th most targeted location of the malvertising campaign, while most attacks have been aimed at Windows devices.