Malvertising | SC Media

Malvertising

Malspam campaign leverages Boeing 737 Max tragedy

Threat actors are once again leveraging tragedy, this time sending spam messages concerning the recent Boeing 737 MAX crash which took place last week. The campaign was discovered by 360 Threat Intelligence Center researchers who posted about the malicious campaign on Twitter. Cybercriminals posing as a “private intelligent analyst” are sending spam loaded with malware…

Malvertising attacks using polyglot images spotted in the wild

The malvertising space may be seeing an influx of more advanced threat actors, according to one research report that found polyglot images now being used to disguise malvertising attacks. Polyglot images, which differ from their near cousins, steganographic images, primarily by not needing an external script to extract the payload, have been spotted in the wild,…

GooglePlay

Beauty camera apps malware not so pretty

Some beauty camera app users may end up seeing a bit more than they were hoping for as some of these are pushing unwanted ads and even pornographic material while others may steal your photos. Trend Micro researchers found several of these apps, identified as AndroidOS_BadCamera.HRX, available. The number of downloads from Google Play range…

Arrest

FBI swats down massive, botnet-fueled ad fraud operation

With a heavy assist from private-sector cybersecurity and tech organizations, the FBI has dismantled a highly complex fraud network responsible for generating billions upon billions of fake online ad placements. In conjunction with the takedown, the U.S. Department of Justice yesterday announced a 13-count indictment filed against eight individuals, each a resident of either Russia,…

Assault and battery: Malvertising campaign checks user devices’ charge as anti-detection technique

A mobile malvertising campaign recently found targeting three digital advertising platforms has been using malware that checks a phone’s battery level as part of an unusual new technique for avoiding detection. In just the last three weeks, the operation has fraudulently generated millions of page views, as the malware redirects certain victims to an unspecified malicious…

Top browsers exploited in first day of Pwn2Own

Partnerstroka tech support scammers creatively lock up users’ browsers

A cybercriminal group specializing in tech support scams has been employing an array of traffic distribution techniques, including malvertising, in order to reroute online users to browser locker pages. The actor, “Partnerstroka” — named after one of its malicious code strings — has even adopted a novel technique for locking Chrome browsers that involves the…

New Fallout exploit kit peppers malvertising victims with GandCrab, SmokeLoader malware

Attackers are leveraging a newly discovered exploit kit in an international malvertising campaign that’s been observed delivering GandCrab ransomware and the SmokeLoader malicious downloader, as well as engaging victims in social engineering scams. Nicknamed Fallout, the kit exploits a remote code execution vulnerability in outdated versions of the Windows VBScript engine and an arbitrary code…
