Malvertising | SC Media


Malvertising scheme abuses Yandex.Direct, targets Russian accountants with assorted malware


Cybercriminals are abusing the Yandex.Direct online advertising service in order to serve up malicious ads that target Russian accountants with the goal of infecting them with banking trojans and ransomware. Researchers from ESET have so far linked six malware programs to this campaign, which began in October and continues to this day. During periods of…

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug


A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight…

iPhone's are also susceptible to hacking.

Iphone malvertising app downloaded millions of times calls 22 known malicious servers


A compromised iPhone App was found to be using malware to infect users by calling 22 known malicious domains. Researchers at The Media Trust discovered that a compromised iPhone app which had been downloaded by millions across the globe was infecting user devices with persistent malware hidden within the ad’s style sheet which called the…

Malspam campaign leverages Boeing 737 Max tragedy


Threat actors are once again leveraging tragedy, this time sending spam messages concerning the recent Boeing 737 MAX crash which took place last week. The campaign was discovered by 360 Threat Intelligence Center researchers who posted about the malicious campaign on Twitter. Attackers are using topics regarding #Boeing 737 MAX 8 crash and seems an…

Malvertising attacks using polyglot images spotted in the wild


The malvertising space may be seeing an influx of more advanced threat actors according one research report that found polyglot images now being used to disguise malvertising attacks. Some malvertising attacks now use polyglot images. Polyglot images, which differ from their near cousins steganographic images primarily by not needing an external script to extract the…


Beauty camera apps malware not so pretty


Some beauty camera app users may end up seeing a bit more than they were hoping for as some of these are pushing unwanted ads and even pornographic material while others may steal your photos. Trend Micro researchers found several of these apps, identified as AndroidOS_BadCamera.HRX, available. The number of downloads from Google Play range…


FBI swats down massive, botnet-fueled ad fraud operation


With a heavy assist from private-sector cybersecurity and tech organizations, the FBI has dismantled a highly complex fraud network responsible for generating billions upon billions of fake online ad placements. In conjunction with the takedown, the U.S. Department of Justice yesterday announced a 13-count indictment filed against eight individuals, each a resident of either Russia,…

Assault and battery: Malvertising campaign checks user devices’ charge as anti-detection technique


A mobile malvertising campaign recently found targeting three digital advertising platforms has been using malware that checks a phone’s battery level as part of an unusual new technique for avoiding detection. In just the last three weeks, the operation has fraudulently generated millions of page views, as the malware redirects certain victims to an unspecified malicious…

Next post in Cybercrime