Malvertising | SC Media

Malvertising

Malvertising scam leverages domain names that sound like legit COVID-19 sites

A recently discovered malvertising campaign is hosting the Fallout exploit kit on attacker-controlled websites featuring domain names that falsely imply they provide useful information about the novel coronavirus. The ultimate goal is to infect victims with KPOT v2.0, an information and password stealer, according to a new blog post from the Avast Threat Intelligence team,…

Malvertising campaign spoofs Malwarebytes website to deliver Raccoon info-stealer

Malicious actors created a fake webpage that impersonates cybersecurity company Malwarebytes and were using it as a gateway in a malvertising campaign designed to infect victims with the Raccoon information stealer. The malvertisements, which likely appeared on adult websites, automatically redirected site visitors to the fake page without any customer interaction, according to the Malwarebytes…

Krampus-3PC malware redirects iPhone users to phishing pages

iPhone users who visited certain publishing websites that were compromised by a malvertising campaign may have gotten an unwelcome visit from the holiday Krampus. No, not the mythical monster that punishes naughty children around Christmastime. In this case, we’re referring to Krampus-3PC, a new mobile malware that seeks out victims’ device and session cookie information…

Researchers: WP-VCD malware is No. 1 in WordPress infections since August

Researchers at WordFence have eyed a recent uptick in attacks on WordPress involving WP-VCD backdoor malware. Since August 2019, no other WordPress-targeting malware has yielded a higher rate of new infections that WP-VCD, the company reported this week in a blog post and in-depth white paper. Such findings suggest that the malware, whose main purpose…

Capesand EK attacking IE, Flash vulnerabilities

The new Capesand exploit kit, possibly derived from an older EK, has been found being used to take advantage of Internet Explorer and Adobe Flash vulnerabilities. Trend Micro’s Elliot Cao, Joseph C. Chen and William Gamazo Sanchez came across Capesand while tracking a campaign that was using the Rig EK to DarkRAT and njRAT malware.…

Xhelper ad dropper adds to its list of victims

There has been a surge in activity surrounding the Xhelper Android ad dropper, with more than 45,000 devices being infected since the malware made its first appearance six months ago. In the past month an average of 131 devices were infected each day, with about 2,400 devices persistently infected throughout the month. The malware mostly…

Browser-hijacking Ghostcat malware haunts online publishers

The cat came back the very next day… and it keeps coming back. A malvertising operation designed to infect online publishers with browser-hijacking malware called Ghostcat-3PC has launched at least 18 separate infection campaigns in the last three months alone, according to a new report from the Digital Security & Operations (DSO) team at The…

Fileless malware campaign abuses legit tools Node.js and WinDivert

An attack campaign targeting primarily the U.S. and Europe is leveraging two legitimate tools, the Node.js framework and WinDivert, to install “fileless” malware that appears to either turn victims’ systems into proxies or perpetrates click fraud. Researchers from both Microsoft Corporation and Cisco Talos yesterday filed separate reports warning of this campaign, which they have…

Next post in Malware