Malvertising | SC Media

ShadowGate malvertising group serves up SEON ransomware via Greenflash Sundown exploit kit

The cybercriminal group ShadowGate has emerged from a long quiet period, launching a global malvertising campaign that redirects victims to the Greenflash Sundown exploit kit, in order to infect them with SEON ransomware, a cryptominer and the Pony credential-stealer. Also known as WordsJS, the ShadowGate group is more typically known for targeting Asia, especially South…

Sodinokibi ransomware campaigns span growing array of attack vectors

Since the discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit. Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging…

Stegoware-3PC marks new high in adware sophistication

A new steganography campaign targeting iOS devices exploits demand-side adtech providers and adtech vendors to serve malware to millions of consumers. The Media Trust Digital Security and Operations team has detected that at least five publishers, three demand-side vendors, and 11 other adtech vendors have been used to spread the malware Stegoware-3PC residing in PNG files…

Malvertising scheme abuses Yandex.Direct, targets Russian accountants with assorted malware

Cybercriminals are abusing the Yandex.Direct online advertising service in order to serve up malicious ads that target Russian accountants with the goal of infecting them with banking trojans and ransomware. Researchers from ESET have so far linked six malware programs to this campaign, which began in October and continues to this day. During periods of…

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug

A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight…

Malspam campaign leverages Boeing 737 Max tragedy

Threat actors are once again leveraging tragedy, this time sending spam messages concerning the recent Boeing 737 MAX crash which took place last week. The campaign was discovered by 360 Threat Intelligence Center researchers who posted about the malicious campaign on Twitter. Attackers are using topics regarding #Boeing 737 MAX 8 crash and seems an…

Malvertising attacks using polyglot images spotted in the wild

The malvertising space may be seeing an influx of more advanced threat actors, according to one research report that found polyglot images now being used to disguise malvertising attacks. Polyglot images, which differ from their near cousins steganographic images primarily by not needing an external script to extract the…

Beauty camera apps malware not so pretty

Some beauty camera app users may end up seeing a bit more than they were hoping for as some of these are pushing unwanted ads and even pornographic material while others may steal your photos. Trend Micro researchers found several of these apps, identified as AndroidOS_BadCamera.HRX, available. The number of downloads from Google Play range…