22 Apr 2019

Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug

A malvertising campaign launched last week takes advantage of an unpatched software vulnerability in the iOS version of Google Chrome, putting about half a billion users at risk. The threat actor behind the attack has been identified as the eGobbler gang, a cybercriminal group known for launching malvertising campaigns around

Read More
08 Jan 2019

GandCrab Operators Use Vidar Infostealer as a Forerunner

In a disturbing two-stage malvertising attack campaign that highlights the increasingly complex nature of cyber attacks, the threat actors behind the infamous GandCrab ransomware have added Vidar, an information-stealing Trojan to their arsenal. In the first stage of the attack, the Fallout Exploit Kit is used to distribute Vidar. After

Read More
01 Aug 2018

Advanced “Malvertising” Campaign Exploits Online Advertising Supply Chain

A “Malvertising” campaign has used legitimate online advertising supply chains to distribute malicious adverts around the world. Because the return from clicks on malicious ads is so instantaneous, the posters are willing and able to outbid legitimate advertisements. “The ads often contain malicious code that exploits unpatched vulnerabilities in browsers

Read More
07 Jun 2016

The Ultimate Targeted Attack: Malvertisments

I’ve been in evil genius mode with Lou a few times on this. The advertising networks provide a tremendous amount of granularity that can be used for very focused attacks. For network defenders, they can also be very useful for attribution operations as well.

Read More