Malvertising News, Articles and Updates

RIG exploit kit strikes again, cryptocurrencies malvertising campaign

A malvertising campaign uses decoy websites pushing cryptocurrencies and then redirects users to the RIG exploit kit, Malwarebytes Labs said.

Google's DoubleClick network exploited to serve cryptominers

A malvertising campaign was observed exploiting Google's DoubleClick network to deliver silent cryptominers on high-traffic sites.

Malvertising 'conglomerate' created 28 fake ad agencies to abuse platforms

A massive malvertising operation bought an estimated 1 billion ad views in 2017 under the guise of 28 different fake ad agencies, in what a new report is calling the largest operation of its kind last year.

Attackers exploit old WordPress to inject code enabling site redirection

Attackers exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.

RIG EK used to spread Matrix ransomware via malvertising

Matrix ransomware is now being distributed via the RIG exploit kit on various sites displaying malvertising.

Pornhub users hijacked by malvertising campaign malware infections

Kovter Group malvertising campaign put millions at risk of ad fraud malware infections. Fake browser updates hoodwink users into installing malware.

Rogue ads serve up tech support scams, believed from India

Tech support scammers abuse Taboola and native ads to spread scam malware

Over half a billion domains infected by RoughTed malvertising campaign

While it peaked in March 2017, the scourge has been rolling out for more than a year with a dark cornucopia encompassing scams and exploit kits that go after a broad range of targets using their operating system, browser and geolocation to inject the appropriate payload, Segura wrote.

The incredible story of third-Party script dangers - & how to stop them

Hadar Blutrich discusses some of the common ways of handling malware distribution through ads and suggests 'next generation sandboxes' around websites might be able to reduce of these risks.

Skimmer adware spent two months in Google Play

Checkpoint researchers spotted a malware, dubbed Skimmer, in the Google Play store which uses a unique and innovative tactics evade detection.

Chrome exploit allows Svpeng Trojan to bypass security measure; patch reportedly coming

Experts at Kaspersky Lab now understand how the mobile banking trojan Svpeng has been able to automatically download itself via malvertising ads while bypassing Google Chrome browser permissions.

Mac and Jeez! When will enterprise wake up to MacOS security threat?

A malvertising campaign has been discovered on Google AdWords, targeting Macs. Should businesses be getting up to speed with Mac threats?

Cerber 4.0 spotted in EKs just a month after 3.0 release

Trend Micro researchers have spotted several exploit kits delivering Cerber 4.0 ransomware just a month after the release of version 3.

Global malvertising campaign shuts down

The Shadowgate malware campaign has been halted by security firm Talos and hosting company GoDaddy

ICYMI: UAE VPN ban; Malvertising; Voice recognition, US drops SMS; Bitcoins stolen

The latest In Case You Missed It (ICYMI) looks at UAE's VPN ban; Hidden malvertising; Bank voice recognition; US drops SMS -2F; Bitcoins stolen.

Huge malvertising campaign uses steganography to hide malware in plain sight

By encoding malware in innocuous-looking images and only decoding it once the victim has been found to be "safe", creators of AdGholas managed to hide their malvertising campaign for over a year.

34% of Brits willing to sacrifice their online safety for weight loss

With summer just around the corner, people are looking for quick diet solutions online to get their bodies 'beach ready'. A third of Brits (34 percent) are willing to sacrifice their online safety to lose a few pounds by clicking on potentially malicious websites that offer to help 'lose belly fat'. gossip site serves up malicious ads - again, home to Hollywood and celebrity gossip news, has served up a new set of malicious ads to some of its half a million daily site visitors.

'Perfect storm' of ransomware, malvertising and phishing attacks follow 'Celebgate' forum breach

'Celebgate' forum breach leads to flood of ransomware, phishing attacks and malvertising malware on mobile site

ICYMI: Mouse gives up TOR, new body for recruitment, teen hackers arrested

In Case You Missed It: Researchers identify Tor users by their mouse, cyber-security recruitment body formed, teens arrested for hacking Instagram users and more...

New York Times, BBC and Newsweek dish up malvertising

An array of global entertainment, news and commentary sites have been hit with perhaps the largest malvertising campaign yet.

Teens arrested for hacking hundreds of key Instagram users

Police say two teenagers made tens of thousands of euros by hacking 'big' Instagram users with many thousands of followers.

Trustwave identifies whopping big new Angler campaign

Malvertising campaign discovered which is leveraging the good reputation of an abandoned domain name to get malicious ads on to popular sites.

RSA 2016: Fingerprinting the latest twist used for malvertising attacks

Malwarebytes released a new study at RSA 2016 this week that looks into the updated techniques and technologies being used in malvertising campaigns that are proving particularly hard for security analysts and advertisers to spot.

Joomla targeted in WordPress campaign that delivers TeslaCrypt

The cyber gang behind the ongoing WordPress malvertising campaign is now targeting Joomla sites.

Clean house to keep WordPress infection from coming back again and again

Malware keeps re-infecting sites and installing multiple backdoors in WordPress websites, according to a researcher from Sucuri Security.

Malicious Chrome extension inundates users with annoying popups

A malicious Google Chrome extension forces users to install it via its irritating installation popups and then spies on browser histories and sends them to a remote server.

Bot fraud will net criminals $7.2bn from advertising budgets in 2016

Advertisers are losing billions to ad-clicking botnets that generate fake traffic, according to a study by the Association of National Advertisers and security vendor White Ops.

Let's Encrypt certificates issued for malvertising campaign

The generosity of the free TSL certificate non-profit, Let's Encrypt, has been abused by malvertising cyber-criminals