Miscreants turn to ad tech to measure malware metrics
2024-02-15 08:27

Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security.

The security group's Q4 2024 Threat Insights Report finds criminals have adopted ad tech tools to make their social engineering attacks more effective.

"Cyber criminals are applying the same tools a business might use to manage a marketing campaign to optimize their malware campaigns, increasing the likelihood the user will take the bait," explained Ian Pratt, global head of security for personal systems at HP, in a statement.

The DarkGate PDF malware campaign, for example, relies on ad tools.

Clicking on the fake OneDrive error message does not immediately download the malware payload. Rather, it routes the victim's click - containing identifiers and the domain hosting the file - through an advertising network and then it fetches the malicious URL, which is not evident in the PDF. "Using an ad network as a proxy helps the attacker to evade detection and collect analytics on who clicks their links," the report explains.

"Since the advertising network uses CAPTCHAs to verify real users to prevent click fraud, it's unlikely automated malware analysis systems would be able to scan the malware payload, leading to the risk of falsely classifying the file as safe."
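A triage heuristic for the link pattern described above, as an added example that is not from the HP report or the original article: it flags links extracted from a PDF whose query string carries a host other than the one being clicked, and it declines to call such a link clean when a sandbox was stopped before reaching a payload. The URLs, parameter names, file-extension list and sandbox outcome labels are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Bare hostname such as "files-host.example"; a heuristic, not a full validator.
HOST_RE = re.compile(r"^(?=.{4,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,24}$", re.I)
# Endings that usually mean a file name rather than a host (assumed list).
FILE_EXT = {"pdf", "html", "htm", "php", "js", "png", "jpg", "exe", "msi"}

def embedded_hosts(url):
    """Return (param, host) pairs for hosts in the query that differ from the link host."""
    parts = urlsplit(url)
    link_host = (parts.hostname or "").lower()
    found = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = value.strip().lower()
        host = None
        if "://" in value:                      # full URL carried as a parameter
            try:
                host = urlsplit(value).hostname
            except ValueError:                  # malformed nested URL
                host = None
        elif HOST_RE.match(value) and value.rsplit(".", 1)[1] not in FILE_EXT:
            host = value                        # bare domain carried as a parameter
        if host and host != link_host:
            found.append((name, host))
    return found

def verdict(url, sandbox_outcome):
    """sandbox_outcome is a hypothetical label: 'payload', 'captcha' or 'nothing'."""
    if sandbox_outcome == "payload":
        return "analyze-payload"
    if embedded_hosts(url):
        # The scanner may have been stopped at a CAPTCHA: absence of a payload
        # is not evidence that the link is safe.
        return "inconclusive-needs-review"
    return "no-redirect-indicator"

# Constructed sample links (not taken from the report).
SAMPLE_LINKS = [
    "https://adnet.example/click?cid=7f3a91&uid=42&dom=files-host.example",
    "https://tracker.example/r?u=https%3A%2F%2Fcdn.example%2Fdoc.pdf",
    "https://storage.example/view?id=123&lang=en-US&next=https%3A%2F%2Fstorage.example%2Fhome",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(verdict(link, "captcha"), embedded_hosts(link))
```
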


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/15/malware_pdf_wolf_security/