Malvertising | SC Media

Malvertising

Browser-hijacking Ghostcat malware haunts online publishers

The cat came back the very next day… and it keeps coming back. A malvertising operation designed to infect online publishers with browser-hijacking malware called Ghostcat-3PC has launched at least 18 separate infection campaigns in the last three months alone, according to a new report from the Digital Security & Operations (DSO) team at The…

Fileless malware campaign abuses legit tools Node.js and WinDivert

An attack campaign targeting primarily the U.S. and Europe is leveraging two legitimate tools, the Node.js framework and WinDivert, to install “fileless” malware that appears to either turn victims’ systems into proxies or perpetrates click fraud. Researchers from both Microsoft Corporation and Cisco Talos yesterday filed separate reports warning of this campaign, which they have…

WordPress Rich Review plugin vulnerable to malvertising

An estimated 16,000 WordPress websites are running a plugin that is vulnerable to unauthenticated plugin option updates. WordFence, a WordPress security solution provider, has reported that the plugin Rich Reviews has a vulnerability that is currently being abused and can be exploited to deliver stored cross-site scripting (XSS) payloads. This can result in malvertisements being…

Holy cybercrime, Batman! Joker malware commits ad fraud, data theft

Two dozen apps that collectively generated over 472,000 downloads from the Google Play store were found to be infected with a new Android malware called Joker, which delivers a payload that perpetrates both ad fraud and data theft, a research firm has reported. Joker’s second-stage malware is a .dex (Dalvik Executable) file capable of stealing…

ghostlyskullmobilemalware_826540

Glupteba malware exploits Bitcoin transactions to keep C2 servers updated

A recently discovered variant of the Glupteba dropper and backdoor trojan is capable of deriving command-and-control domains via tracked Bitcoin transactions. In addition to the primary backdoor payload, the Glupteba dropper also delivers two more components to victims’ machines: a browser stealer and router exploit, according to a blog post this week from Trend Micro,…

ShadowGate malvertising group serves up SEON ransomware via Greenflash Sundown exploit kit

The cybercriminal group ShadowGate has emerged from a long quiet period, launching a global malvertising campaign that redirects victims to the Greenflash Sundown exploit kit, in order to infect them with SEON ransomware, a cryptominer and the Pony credential-stealer. Also known as WordsJS, the ShadowGate group is more typically known for targeting Asia, especially South…

Sodinokibi ransomware campaigns span growing array of attack vectors

Since its discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit. Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging…

Stegoware-3PC marks new high in adware sophistication

A new steganography campaign targeting iOS devices exploits demand-side adtech providers and adtech vendors to serve malware to millions of consumers. The Media Trust Digital Security and Operations team has detected that at least five publishers, three demand-side vendors, and 11 other adtech vendors have been used to spread the malware Stegoware-3PC residing in PNG files…

Malvertising scheme abuses Yandex.Direct, targets Russian accountants with assorted malware

Cybercriminals are abusing the Yandex.Direct online advertising service in order to serve up malicious ads that target Russian accountants with the goal of infecting them with banking trojans and ransomware. Researchers from ESET have so far linked six malware programs to this campaign, which began in October and continues to this day. During periods of…

Next post in Security News