Of all the things that online advertising could be used for, spreading malware is the one that throws you off the list by surpassing them all.
Not of late, researchers found out a recent ‘Malvertising’ campaign and sources say that it was done by way of the “Domen Social Engineering Toolkit”.
‘Malvertising’ (malicious advertising) could be defined as using online advertising means for spreading malware. Most typically it is done by inserting malware or malicious advertisements into legitimate advertising web pages or networks.
Per informed sources, this campaign was uncovered while trying to influence a VPN service as bait. It displayed a group of domains that gave Domen’s attack mechanism a fresh bend.
The construction of the campaign, as mentioned in reports, was such that ‘search-one[.]info’ was comprised in it as the ‘fake’ page, ‘mix-world[.]best’ as the download site and ‘panel-admin[.]best as the backend panel.
As revealed in reports, the campaign managed to redirect the users and bare them to ‘Smoke Loader’. This is conceivably a downloader that installs secondary payloads. And that’s what it did. They consisted of a ‘Vidar stealer’, ‘Buran ransomware’ and ‘IntelRapid cryptominer’.
Need not to mention, this campaign isn’t the first one to surface which was focused on payloads. Women's malvertising per source had commenced in September last year. The social engineering toolkit was employed to exploit the website and fool users into clicking on a fake ‘Adobe Flash Player’ update. The clicking would start a download of “download.hta”. Afterward, by way of employing PowerShell to connect to “xyxyxyxyxy[.]xyz”, only to download the 'NetSupport Remote Access Trojan' (RAT), later.
With amplification in the usage of the internet and online means, it becomes a top priority to build up a structured and strong defense mechanism to fight and prevent Malvertising.
Hiring security professionals is a safe pre-requisite and a building block towards creating the defense structure. Keeping abreast of the latest updates and patches must be a primary priority.
Word has it that in most cases the ‘exploit kits’ are employed to disseminate the malware payloads. Hence the organizations should have a clear account of all its obstruction points so that Malvertising campaign’s attack payloads could be detected and dealt with in time.