November 19, 2018

HookAds Malvertising Installing Malware via the Fallout Exploit Kit




A HookAds malvertising campaign has recently been reported to be actively redirecting users to the Fallout exploit kit through online portals, adult sites and online gaming sites. An exploit kit is malicious code. The intention is to install the code silently on the targeted system and check whether any unpatched vulnerabilities are available that can be used to gain access and control.


In this case, HookAds has been found to mostly target Windows vulnerabilities using the Fallout kit. If a vulnerability is identified, it is exploited and a malicious payload is downloaded. Various types of malware are suspected to be currently delivered via Fallout, including banking Trojans, information stealers, crypto-miners and ransomware.


According to nao_sec (threat analyst), two malvertising campaigns have been detected. One mainly delivers the DanaBot banking payload, and the other delivers two pieces of malware together, the Nocturnal information stealer and the GlobeImposter ransomware, bundled inside the Fallout kit.


The threat actor behind the malvertising campaign takes advantage of cheap, low-quality ad networks, which are mostly used on sites such as online gaming, adult and online movie sites. The site owners are possibly not always directly engaged with the threat actor, but they still serve malicious adverts alongside the legitimate ads and spread malicious scripts such as the Fallout exploit kit.
