A HookAds Malvertising Camping has been
reported recently, for actively redirecting users to the Fallout exploit kit
using online portal, adult and online gaming sites. An exploit kit is known to
be as malicious code. The intention is to install the code silently in the
targeted systems and find if there is any unpatched vulnerabilities available.
That can be used to gain access and control.
In this case it has found the HookAds are
mostly targeting windows vulnerabilities using Fallout kit. If anyone is
identified, it is exploited and a malicious payload is downloaded. It was
suspected various types of malwares are currently delivered via Fallout, which
includes Banking Trojans, Information stealer, crypto-miner and ransomware.
According to nao_sec (Threat Analyst),
there are two Malvertising campaign which has been detected. One is mainly
delivering DanaBot banking payload and another one delivering two malwares
together- The Nocturnal Information stealer and Globimposter ransomware binding
inside the Fallout kit.
The threat actor behind the Malvertising
campaign takes the advantage of cheap and low quality ad networks, which is
mostly used in sites like online gaming, adult sites, online movies. The site
owners are possibly not engaged every-time directly with the threat actor but
still they served malicious adverts along with the legitimate ads and spread
malicious scripts like Fallout Exploit.
0 comments:
Post a Comment