Lumma/Amadey: fake CAPTCHAs want to know if you’re human
Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to...
Adult popunder campaign used in mainstream ad fraud scheme
This blog post was authored by Jerome Segura. Online advertising is a multi-billion-dollar industry with projected spending to reach over 600 billion U.S. dollars for 2022. It's not surprising that criminals are trying their hardest to abuse this ecosystem in any way that they can. One of the...
Is it game over for VR advergaming?
We’ve been warning about advergaming—the combination of virtual reality (VR) and ads—for years on the Labs Blog. I’ve given a few talks on the subject too, and how ad networks will slowly work their way into enclosed spaces formerly reserved for your head. They still might, but thanks to a recent...
What is Malvertising❓ Definition, Examples and Protect
Malvertising is a malicious advertisement, which can appear on almost any level of interaction between the user and web application. This malicious advertisement is used to spread viruses and malware to a user’s computer or supported device. It’s also important to notice that there is a little...
Malsmoke operators abandon exploit kits in favor of social engineering scheme
Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One o...
Malvertising campaigns come back in full swing
Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight ...
FTC Slams Children’s App Developer for COPPA Violations
Children’s app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission (FTC) of illegally collecting children’s data without parental consent. HyperBeard’s website says it’s the largest mobile game developer and publisher in Mexico, with various games suc...
Copycat criminals abuse Malwarebytes brand in malvertising campaign
While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on...
Android Keyboard App Could Swindle 40M Users Out of Millions
Researchers are warning users to delete a popular Android keyboard app that, once downloaded, makes unauthorized purchases of premium digital content. Google told Threatpost it has removed the app from its Google Play marketplace – but researchers say it was downloaded on at least 40 million phon...
Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers...
Volkswagen Giveaway Scam Peddles Ad Networks
A fake Volkswagen campaign is making its way across social media platforms, luring in victims with promises of a free Volkswagen car giveaway – but instead redirecting them to third-party ad servers. Victims are first sent messages via WhatsApp or Facebook, purporting to be from Volkswagen and...
Android Spyware Linked to Chinese SDK Forces Google to Boot 500 Apps
More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK could be leveraged to quietly install spyware on devices. The SDK, called Igexin, was developed by a Chinese company and may have been used to install malware that could,...
Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits
Malvertising occurs when an online advertising network knowingly or unknowingly serves up malicious advertisements on a website. Malvertisements are a type of “drive-by” threat that tend to result in users being infected with malware for simply visiting a website. The victims of this threat are...
Half of Chrome Pageloads are HTTPS
First it was Mozilla, and now Google is the latest to confirm that encryption is inching closer toward becoming a standard building block for websites and web applications. Google reported yesterday that more than half of pages loaded on desktop versions of the Chrome browser are being done so ov...
Mac Adware 'OSX.Pirrit' Unleashes Ad Overload, For Now
Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has...
Malvertising Campaign Lands On Top Websites
Big-name websites were hit with a cunning malvertising campaign over the weekend that attempted to sneak TeslaCrypt ransomware on computers vulnerable to the potent Angler Exploit Kit. Top sites running the malicious ads included The New York Times owned NYTimes.com, Answers.com and AOL.com,...
Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem
More than five percent of all unique IP addresses accessing Google sites included some kind of ad injector software, and there are more than 50,000 of those injector browser extensions in use today, according to new research from Google. The company conducted the research over the course of sever...
Google Moving Toward Encrypted Ad Services
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well...
Malvertising Abuses Real-Time Bidding on Ad Networks
Dark corners of the Internet harbor trouble. They’re supposed to. But what about when Yahoo, CNN.com, TMZ and other busy destination sites heave disaster upon visitors? That’s the challenge posed by malvertising, the latest hacker Golden Goose used in cybercrime operations and even in some target...