Two Israeli news outlets, The Times of Israel and The Jerusalem Post, are the targets of a recently discoverd malvertising campaign that could be spreading the Zemot Trojan.
A researcher at Malwarebytes wrote in a blog post earlier this week that the trojan is being served up through a typical exploitation chain, initiated by the Nuclear Exploit Kit. The exploit kit delivers Trojan.Agent.BPEN, which the researcher determined to be the Zemot Trojan. Zemot allows for additional malware strains to be installed on victims’ computers, further exposing them to attacks.
The malware’s command-and-control servers appear to be warzine.su and wildkit.su.
A Google ad service was among the affected URLs, as well as one that seemed to resemble Amazon Web Services.
The Times of Israel mainly caters to American readers, who account for 62 percent of its traffic. The same malvertising campaign also appears to have targeted The Jerusalem Post.