Security News

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions
2021-12-03 20:47

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension, with the goal of stealing credentials and data stored on the compromised systems and maintaining persistent remote access. A noteworthy aspect of the intrusions is the use of malvertising to reach individuals who are looking for popular software on search engines: the ads present links to fake installers that drop a password stealer called RedLine Stealer, a Chrome extension dubbed "MagnatExtension" that's programmed to record keystrokes and capture screenshots, and an AutoIt-based backdoor that establishes remote access to the machine.

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
2021-05-27 07:34

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. AnyDesk's remote desktop access solution has been downloaded by more than 300 million users worldwide, according to the company's website.

WebKit Zero-Day Vulnerability Exploited in Malvertising Operation
2021-02-16 18:40

A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine. Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub.

'LuckyBoy' Malvertising Campaign Hits iOS, Android, Xbox Users
2021-01-20 17:18

A recently identified malvertising campaign targeting users of mobile and other connected devices makes heavy use of obfuscation and cloaking to avoid detection. Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users.

Exposed Twilio SDK Abused for Malvertising Attack
2020-07-23 18:50

Cloud communications platform-as-a-service company Twilio this week disclosed a security incident that resulted in hackers uploading a modified version of the TaskRouter JS SDK to its site. Designed to provide easy interaction with the Twilio TaskRouter, the SDK was hosted in an Amazon Web Services S3 bucket that was improperly secured, thus becoming accessible to the attackers.

Google Removes 500 Chrome Extensions Tied to Malvertising
2020-02-17 17:33

Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security. In a message informing the researchers that it had removed the extensions, Google noted that it "regularly sweeps to find extensions using similar techniques, code and behaviors and take down those extensions if they violate our policies."

WordPress sites hit by malvertising
2019-11-07 14:01

An old piece of malware is storming the WordPress community, enabling its perpetrators to take control of sites and inject code of their choosing.

Malvertising Attack Hijacks 1B+ Sessions With WebKit Exploit
2019-10-01 11:27

The eGobbler threat actor is back with a new malvertising campaign that has hijacked more than 1 billion sessions.

WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign
2019-09-03 16:20

An ongoing attack on websites has added new exploits and an administrative backdoor to its bag of tricks.

Malvertising Campaigns Skirt Ad Blockers, Serve Up Mac Malware
2019-07-31 20:43

The RIG exploit kit and Safari redirects are both in the adversaries' bag of tricks.