malvertising
-
Fake Microsoft Teams installers promoted in search ads deliver Oyster backdoor, researchers say
Search ads and SEO poisoning have been used to promote fake Microsoft Teams installers that deliver the Oyster backdoor to Windows machines, researchers said; the trojanized installer drops a DLL and creates a scheduled task for persistence.
-
Vane Viper identified as a major malvertising operator, DNS-driven adtech network linked to trillions of queries
A deep-dive by Infoblox, with Guardio and Confiant, accuses the threat actor Vane Viper of running a vast malvertising and adtech operation that generated about 1 trillion DNS queries across thousands of compromised sites. The network leverages push notifications and service workers to stay persistent, links to major adtech players like PropellerAds, and has expanded…
-
Mac ad campaign impersonating brands pushes macOS credential stealer, LastPass warns
Security researchers warn of a malvertising campaign that uses search ads to impersonate LastPass and other services, delivering the Atomic Stealer/Amos Stealer on macOS via fraudulent GitHub pages; LastPass says takedowns are underway and IoCs are shared.
-
TamperedChef information stealer emerges in malvertising campaign promoting AppSuite PDF Editor
Cybersecurity researchers have identified a malvertising campaign delivering a backdoored PDF editor, AppSuite PDF Editor, that drops a new information stealer dubbed TamperedChef. The operation leverages Windows Registry persistence, a C2-enabled backdoor, and widespread Google ad campaigns to maximize downloads.
-
Hackers exploit trusted Microsoft redirects and ADFS to steal Microsoft 365 logins, researchers say
Researchers describe a phishing campaign that uses legitimate office.com redirects and a misconfigured Microsoft tenant with ADFS to harvest Microsoft 365 credentials, bypassing some security controls. The attack chain begins with a misleading Google ad for “Office 265,” redirects through Office to a phantom domain, and uses conditional access restrictions to conceal the page from…
-
Massive Malware Campaign Infects Over 269,000 Websites with Malicious JavaScript
A cybersecurity alert has been issued after a malware campaign using malicious JavaScript code compromised over 269,000 websites, highlighting significant weaknesses in website security.