Three major cyber-security vendors have detected a large malvertising campaign affecting very prominent websites with a monthly viewership of over 2.4 billion.
According to Trend Micro, Trustwave and Malwarebytes, hackers have managed to show malicious ads using four different advertising networks. These ads hijack the user's browsing experience and lead them to malicious sites hosting the Angler EK (exploit kit).
In case you aren't familiar with Angler, it is a tool cyber-criminals use to analyze the users arriving via the malicious ads, single out potential victims, and then use exploits for software vulnerabilities in the users' local applications to infect them with the crooks' desired malware.
The Bedep clickfraud botnet was being delivered by Angler
Security researchers saw Bedep malware most of the time in this particular instance. It's a clickfraud bot that shows unwanted ads and hijacks the user's mouse, clicking on the ads and generating revenue for the malware's operator.
In some cases, Trustwave noted TeslaCrypt ransomware being distributed through Angler in place of Bedep, but the majority of infections involved Bedep.
Google, AOL, Rubicon, and AppNexus are the four advertising platforms through which the malicious ads were delivered.
Even Microsoft's MSN portal displayed malicious ads
The malicious ads have been displayed on some of the biggest sites, including Microsoft's MSN portal, the New York Times, the BBC, AOL, Comcast's Xfinity, NFL, Realtor, the Weather Network, The Hill, and Newsweek.
Malwarebytes security researchers noted that not much had been happening in malvertising over the past few weeks, but that things escalated in the past day with this campaign. They also detailed the recent tactics used in malvertising campaigns.