Malvertising campaign running on 120 ad servers has affected millions of devices

Researchers found that more than 120 ad servers had been compromised by cybercriminals displaying malicious ads on millions of devices around the world.

The malicious ad campaign, codenamed Tag Barnakle, was first reported in April 2020. In the past year, the number of unpatched Revive open source ad servers has doubled, bringing the number of users into the millions, if not the hundreds.

Malicious ad campaigns usually require attackers to pose as advertising technology insiders and legitimate media buyers. However, according to researchers at Confiant, Tag Barnakle circumvents this problem by attacking the ad server’s infrastructure.

Barnacle Tag, on the other hand, is able to completely bypass this first hurdle by going for the jugular – the massive degradation of ad server infrastructure. They also likely have a return on investment that dwarfs that of their competitors, because they don’t have to spend a dime on advertising campaigns, wrote Elia Stein, an engineer and security researcher at Confiant.

The malicious ad campaign targeted more than 120 ad servers using Revive. They are usually used by companies who want to avoid using third-party ad servers by running one themselves.

Attackers upload a malicious payload to a compromised ad server and then use client-side fingerprinting and server-side cloaking to avoid detection. Here is an image of the Barnacle tag payload stream.

Source: Confante

In the news: Facebook is working on new audio tools, including a club project.

The researchers also noted that based on last year’s findings, attackers are more likely to target mobile devices – Android and iOS – than desktop computers.

Last year, Tag Barnakle discovered that a total of 60 ad servers serving ads on 360 websites directly, but indirectly, affected tens of thousands of websites, as the hacked ad servers were integrated into RTB (real-time bidding) with multiple ad exchanges. Malicious desktop ads were hidden behind fake Flash updates.

The scam seems to have moved to more portable devices, but the basics remain the same. Users are lured with VPNs, disguised security and protection applications that have hidden costs or install adware to take advantage of unsuspecting users.

Source: Confante

The researchers also discovered that the domain used in Propeller Ads was used to send malicious ads and payloads to Android and iOS users, just like in previous cases.

The compromises appear to affect some publishers with moderate traffic and many long-running websites, but the list also includes a significant number of ad platforms and media companies that have built their technology stacks on Revive, Stein said.

In the news: PlayStation Store for PS3 and PS Vita will remain online.

Leads the editorial team of . When he’s not writing, he likes to cycle or drink beer, just like his Manchester United rivals.

Contact Prayank via email: [email protected]

frequently asked questions

Why do cybercriminals use malvertising so often?

Malvertising and how it will be….

What is an attack?

learnin’ about application security

Can you get a virus by clicking on an ad?

Firewall – Malware – Malicious Software – Malware…

Related Tags:

malvertising casesmalvertising examplesmalvertising 2020malvertising attack examplesmalvertising preventiontypes of malvertising,People also search for,Feedback,malvertising cases,malvertising examples,malvertising 2020,malvertising attack examples,malvertising prevention,types of malvertising,how to prevent malvertising,adrozek malwarebytes


Leave a Reply

Your email address will not be published. Required fields are marked *