Article 5GSQR Millions of web surfers are being targeted by a single malvertising group

Millions of web surfers are being targeted by a single malvertising group

by
Dan Goodin
from Ars Technica - All content on (#5GSQR)
GettyImages_SkullCrossbonesBinaryCompute

Enlarge (credit: Getty Images)

Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit sites that, by all outward appearances, are benign.

Malvertising is the practice of delivering ads to people as they visit trusted websites. The ads embed JavaScript that surreptitiously exploits software flaws or tries to trick visitors into installing an unsafe app, paying fraudulent computer support fees, or taking other harmful actions. Typically, the scammers behind this Internet scourge pose as buyers and pay ad-delivery networks to display the malicious ads on individual sites.

Going for the jugular

Infiltrating the ad ecosystem by posing as a legitimate buyer requires resources. For one, scammers must invest time learning how the market works and then creating an entity that has a trustworthy reputation. The approach also requires paying money to buy space for the malicious ads to run. That's not the technique used by a malvertising group that security firm Confiant calls Tag Barnakle.

Read 13 remaining paragraphs | Comments

index?i=n1XERri02J0:5mAcwtur1bo:V_sGLiPB index?i=n1XERri02J0:5mAcwtur1bo:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments