Researchers observe malvertising campaign possibly linked to Google ad reseller

Researchers with Fox-IT observed a malvertising campaign that appeared to be connected to a Google advertisement reseller.

“It appears as if all of engagelab.com, its advertisement & zone ID's are currently redirecting to a domain, which in its turn is redirecting to the Nuclear Exploit Kit, indicating a possible compromise at this reseller of Google advertisement services,” according to a Tuesday post.

The Nuclear Exploit Kit has been observed exploiting vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight, the post states.

Fox-IT later updated the post to indicate that they are no longer observing malicious redirects from the advertisement reseller. In another update, the security group announced that the payload has been identified as Pony Loader, which is malware that steals credentials and installs more malware.
