Malicious Ads Take Video of You
By: Jim Stickley and Tina Davis
May 7, 2017
Researchers at the cybersecurity company Malwarebytes have come across a dangerous malvertising campaign that can infect a user's computer with a banking Trojan from the same family as the infamous Gozi. This means it uses creative techniques to bypass detection. It can also capture screenshots and video on the infected device. It gets there when a user clicks on a malicious advertisement placed on a compromised website.
Here is how this one works. When users click on an infected advertisement, they are redirected to a very realistic-looking but fake website for the Capital World Option trading company. The visitor's IP address is then checked: if it is rejected by the malware's detection bypass methods, the user simply stays on the decoy website; if it passes, the malware is installed. According to the Malwarebytes blog on this topic, there are multiple sites that impersonate the trading company.
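The chain described above (ad click, redirect to a lure site, then either a decoy page or a payload download) is something a defender can look for in web proxy logs. The script below is an added example written for this page; it is not code from the article or from Malwarebytes. The log format, the hostnames (ads.adnet-placeholder.example, trading-decoy.example, news.example) and the content types are all constructed placeholders, and the ad-network allowlist is an assumption that you would replace with your own list of known ad hosts. It reconstructs per-client referrer chains that start at an ad-network request and classifies each chain as benign, decoy-only, or ending in an executable download.

```python
"""Flag malvertising-style redirect chains in web proxy logs (added example, constructed data)."""
import re
from collections import defaultdict

# Constructed sample proxy log. Fields: client_ip timestamp method url status content_type referrer
# Every hostname here is a placeholder invented for this example, not an indicator from the article.
SAMPLE_LOG = """\
10.0.0.5 2017-05-07T10:00:01Z GET http://news.example/story 200 text/html -
10.0.0.5 2017-05-07T10:00:04Z GET http://ads.adnet-placeholder.example/serve?id=42 302 text/html http://news.example/story
10.0.0.5 2017-05-07T10:00:05Z GET http://trading-decoy.example/landing 200 text/html http://ads.adnet-placeholder.example/serve?id=42
10.0.0.5 2017-05-07T10:00:07Z GET http://trading-decoy.example/dl/setup.exe 200 application/x-msdownload http://trading-decoy.example/landing
10.0.0.9 2017-05-07T10:01:00Z GET http://news.example/story 200 text/html -
10.0.0.9 2017-05-07T10:01:02Z GET http://ads.adnet-placeholder.example/serve?id=42 302 text/html http://news.example/story
10.0.0.9 2017-05-07T10:01:03Z GET http://trading-decoy.example/landing 200 text/html http://ads.adnet-placeholder.example/serve?id=42
"""

# Assumed allowlist of ad-serving hosts; in practice this comes from your own inventory.
AD_NETWORK_DOMAINS = {"ads.adnet-placeholder.example"}
# Content types that indicate a Windows executable was fetched.
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream", "application/x-dosexec"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")


def host_of(url):
    """Return the hostname of a URL, dropping scheme, path and port."""
    return re.sub(r"^https?://", "", url).split("/", 1)[0].split(":")[0]


def parse(log_text):
    """Parse the constructed log format into a list of event dicts (malformed lines are skipped)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, url, status, ctype, ref = m.groups()
        events.append({"ip": ip, "ts": ts, "method": method, "url": url,
                       "host": host_of(url), "status": int(status),
                       "ctype": ctype, "ref": ref})
    return events


def build_chains(events):
    """Follow referrer links per client, starting at each request to an ad-network host."""
    by_ref = defaultdict(list)  # (client_ip, referrer_url) -> requests citing that referrer
    for e in events:
        by_ref[(e["ip"], e["ref"])].append(e)
    chains = []
    for e in events:
        if e["host"] in AD_NETWORK_DOMAINS:
            chain, frontier = [e], [e]
            while frontier:
                cur = frontier.pop()
                for nxt in by_ref.get((cur["ip"], cur["url"]), []):
                    chain.append(nxt)
                    frontier.append(nxt)
            chains.append(chain)
    return chains


def classify(chain):
    """'payload' if the chain left the ad network and fetched an executable,
    'decoy' if it only reached a non-ad landing page, otherwise 'benign'."""
    hosts = {e["host"] for e in chain}
    left_network = bool(hosts - AD_NETWORK_DOMAINS)
    fetched_exec = any(e["ctype"] in EXEC_TYPES for e in chain)
    if left_network and fetched_exec:
        return "payload"
    if left_network:
        return "decoy"
    return "benign"


def find_suspicious(log_text):
    """Return (client_ip, verdict, [urls in chain]) for every ad-originated chain."""
    return [(c[0]["ip"], classify(c), [e["url"] for e in c])
            for c in build_chains(parse(log_text))]


if __name__ == "__main__":
    for ip, verdict, urls in find_suspicious(SAMPLE_LOG):
        print(ip, verdict, " -> ".join(urls))
```

The useful signal is the comparison across clients: both visitors followed the same ad to the same landing page, but only one of them was served an executable. A landing site that hands out a download to some clients and a harmless page to others is exactly the selective behaviour the article describes, so a "decoy" verdict next to a "payload" verdict for the same chain is worth investigating even though the decoy client itself was not infected.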
Always make sure security software is installed on all devices. This does not guarantee that your machine won't be infected, but it is certainly a first line of defense in situations like these. Also, keep it updated with the latest versions.
In addition, beware of clicking on advertisements on the Internet. While many, if not most, are harmless, some have been tampered with or mimicked just to cause you grief.
Malvertising hasn't been a hot topic lately, but that doesn't mean it isn't still happening. Perhaps it's not talked about so much because of ransomware and its rise to popularity as a tool of the cybercrime trade. According to the most recent Verizon Data Breach Investigations Report, ransomware is certainly on the increase and is the fifth most common malware functionality. However, malvertising is still going strong. It has been used to infect devices several times before and is unlikely to stop. In this latest attack, the compromised ad networks include Popads and PlugRush. There are likely more, but they have not yet been identified.