Reports reveal that a hacker group has been inserting malicious ads on ad servers for the past nine months. The malicious ads indirectly send users to malware sites, where the users' systems are infected.
Confiant, a cybersecurity firm, discovered the ad hacking campaign last month, although the malware campaign has been running since August last year.
Confiant reported that the cybercriminals infiltrated advertising servers that run outdated versions of the Revive open source ad server. The hackers infiltrated the old servers and quietly appended malicious code to ads that were already running. As a result, users clicking the ads would think they were clicking a genuine and secure ad, only to be redirected to a malware server without noticing.
Once the hackers have succeeded in loading the malicious ads on legitimate sites, the code hijacks visitors and redirects them to sites that serve malware-infested files. Users may not easily realize that the files are malware-laced because they are disguised as Adobe Flash Player updates.
Confiant revealed that it has discovered about 60 Revive ad servers that have been infiltrated with the malicious ads.
The cybersecurity firm said the hacking group, codenamed Tag Barnakle, has succeeded in loading its malicious code into several thousand adverts. The spread of the malicious ads has also been amplified through real-time bidding (RTB) integrations between ad services.
According to Confiant’s Senior Security Engineer, Eliya Stein, just one infected RTB server could push the number of affected ad impressions to 1.25 million per day.
“If we take a look at the volumes behind just one of the compromised RTB ad servers – we see spikes of up to 1.25 [million] affected ad impressions in a single day,” he said.
Stein further pointed out that Tag Barnakle is not a common kind of malvertiser. Hacking groups that use malvertising to hack systems and networks have not operated at this level for a long time. The last time a group was as sophisticated and smart as this was in 2016.
For the past years, many of the malvertising syndicates have used a different operational strategy: setting up networks of phony companies that purchase ads on genuine sites. After buying the legitimate ads, they usually modify the ads and load malicious code.
Hackers who use ads to carry out their attacks have relied on this old strategy for the past few years. Some shady ad networks can even afford to overlook the activities of some of these malvertisers purchasing ads on their network, since both parties benefit from the deal.
But this new strategy completely overruns the ad company and takes charge of its servers to distribute malware via a malicious ad campaign.
Stein said this new method is not very popular and not the easiest way to infiltrate systems through malvertising. But it is the most effective, because the hacker has full control over the ad channel while still posing as a legitimate ad server. However, once an ad server has been compromised, the hackers are considered to have broken the law.
The new malvertising method also has a different focus, because not all malvertisers have the ability and skill set to go all out and attack an ad serving system. So they choose to pay for an ad slot, which seems a bit easier than expertly dismantling an ad server.
Stein and the Confiant security firm have been informing advertising companies about the current ad server hacking going on. But some of the advertisers have not responded with safe and secure measures to avoid being victims. As a result, the ad hacking group is still attacking some of these advert companies.
According to Stein, despite his notifications, some ad servers are still compromised, which allows the ad hackers to continue their hacking spree.