The forgotten malvertising campaign


We’ve seen an upsurge in malvertising campaigns via Google searches in recent weeks. Several of the threat actors we’re tracking have improved their methods for evading detection across the supply chain. We believe that this evolution will have a real-world consequence, with business users becoming hacked as a result of harmful adverts, eventually leading to the deployment of malware and ransomware.

In this blog post, we look at a malvertising operation that appears to have gone completely unnoticed for at least several months. It is one-of-a-kind in how it fingerprints users and distributes time-sensitive payloads. When the user clicks on the download link, JavaScript code runs a system fingerprint, resulting in a second level of screening.

Read More…