Malvertising campaigns run by the sophisticated threat actor CashRewindo, which rely on aged domains to slip past defenses, have targeted North and South America, Europe, Africa, and Asia, BleepingComputer reports.
According to a report from Confiant, CashRewindo uses domains that were registered at least two years before their TLS certificates were updated and virtual servers were assigned to them, an approach meant to evade security tools that treat newly registered domains as suspicious. Of the at least 487 domains attributed to CashRewindo, some were registered as early as 2008 but were only put to use this year.
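The aged-domain pattern described above is something defenders can look for in their own domain intelligence: a domain whose WHOIS creation date predates its first TLS certificate by two years or more, and which has only recently started hosting content. The following Python sketch is an added example, not code from Confiant, BleepingComputer or the actor it describes. The record fields, the two thresholds and the sample records are all constructed assumptions for illustration.

```python
"""Heuristic triage for 'aged domain' reactivation.

Added example only; not Confiant's or BleepingComputer's tooling. The input
records below are constructed sample data, and both thresholds are assumptions
derived from the reporting (domains parked for two or more years before use).
"""
from dataclasses import dataclass
from datetime import date
from typing import List

# Assumed thresholds (not from the report): a domain counts as "aged" when it
# sat at least two years between registration and its first certificate, and
# as "recently activated" when traffic was first seen within the last 90 days.
MIN_DORMANCY_DAYS = 2 * 365
RECENT_ACTIVITY_DAYS = 90


@dataclass
class DomainRecord:
    domain: str
    registered: date          # WHOIS creation date
    cert_not_before: date     # earliest TLS certificate observed (e.g. via CT logs)
    first_seen_active: date   # first time hosting/traffic for the domain was observed


def dormancy_days(rec: DomainRecord) -> int:
    """Days between registration and the first certificate issued for the domain."""
    return (rec.cert_not_before - rec.registered).days


def is_aged_reactivation(rec: DomainRecord, today: date) -> bool:
    """True when an old registration only recently acquired a cert and went live."""
    dormant = dormancy_days(rec) >= MIN_DORMANCY_DAYS
    recent = (today - rec.first_seen_active).days <= RECENT_ACTIVITY_DAYS
    return dormant and recent


def triage(records: List[DomainRecord], today: date) -> List[str]:
    """Return the domains that match the aged-reactivation heuristic."""
    return [rec.domain for rec in records if is_aged_reactivation(rec, today)]


# Constructed sample data: one aged-then-reactivated domain, one brand-new
# domain, and one old domain that has been live for years.
SAMPLE = [
    DomainRecord("example-aged.test", date(2008, 3, 14), date(2022, 9, 1), date(2022, 9, 3)),
    DomainRecord("example-fresh.test", date(2022, 8, 20), date(2022, 8, 21), date(2022, 8, 22)),
    DomainRecord("example-legit.test", date(2010, 1, 1), date(2012, 5, 5), date(2012, 5, 6)),
]
TODAY = date(2022, 11, 20)  # assumed observation date for the sample run

if __name__ == "__main__":
    for domain in triage(SAMPLE, TODAY):
        print("aged-domain reactivation:", domain)
```

Only the first sample record is flagged: the brand-new domain fails the dormancy test, and the long-running legitimate one fails the recent-activity test. In practice the registration and certificate dates would come from WHOIS/RDAP and Certificate Transparency data rather than inline constants.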
The malicious ads CashRewindo uses to redirect victims to these domains have been observed to shift their tone so that site checks do not flag "strong language," and to carry a tiny red circle intended to bypass fraud detection.
CashRewindo has also been tailoring its scams to the audience it targets. The U.S. is the 13th most targeted location of the malvertising campaign, and most attacks have been aimed at Windows devices.