
Large malvertising campaign exposed

Researchers at Malwarebytes spotted a large malvertising campaign that was in operation for at least three weeks and put a large number of people at risk.

According to a report by the security firm, the malvertising campaign automatically redirected users to a casino website that was used as a decoy, while the Angler Exploit Kit was downloaded.

This is one of the largest malvertising campaigns in recent months, Malwarebytes says, going through 10 different ad domains receiving massive volumes of Internet traffic.

How it was possible for such a large operation to stay hidden has quite a logical explanation – “the attack preyed on visitors to sketchy websites offering anything from torrents of copyrighted movies, live streams of the latest flicks, or pirated software,” the company wrote in a blog post.

Since the campaign targeted “dubious publishers”, as Malwarebytes puts it, as well as users who knew they were consuming illegal content, no one was keen on reporting any incidents.

Researchers said in the blog post that the ad networks were almost all registered via “Domains By Proxy LLC, meaning no information was available about the registrant but they were all through GoDaddy and on the same ASN: AS15169.”

Segura said the researchers were able to identify one of the ad networks as AdCash and that they believe all of the malicious ad networks were run by AdCash because they used the same ad call parameters.

A list of malware hashes is available and can be found on the Malwarebytes blog.