430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Trustwave discovered the first political malvertising campaign

Experts at Trustwave observed a group of cyber criminals helping spread pro-Russia propaganda by inflating video views with a malvertising campaign. Security experts at Trustwave have discovered a botnet, originally designed for malvertising purpose, used redirect unaware users to view some pro-Russian videos on the website DailyMotion. The event is very interesting due to the political motivation […]

Trustwave discovered the first political malvertising campaign

Experts at Trustwave observed a group of cyber criminals helping spread pro-Russia propaganda by inflating video views with a malvertising campaign.

Security experts at Trustwave have discovered a botnet, originally designed for malvertising purpose, used redirect unaware users to view some pro-Russian videos on the website DailyMotion.

The event is very interesting due to the political motivation behind the attack as explained Trustwave.

“We recently observed what seems to be a group of cyber criminals helping spread pro-Russia messaging by artificially inflating video views and ratings on a popular video website.”wrote Rami Kogan of Trustwave’s SpiderLabs, in a blog post on Thursday. “We can’t know for sure who’s behind the fraudulent promotion of video clips, but it appears to be politically motivated,” 

The event is unusual for the security community, the experts at Trustwave explained that this is the first time they have observed the tactic used to promote video clips with a seemingly political agenda by inflating the number of views.

The threat actors behind the malvertising campaign used the Angler exploit kit to infect victims with the Bedep trojan, recently used to hit also the adult web site xHamster. According to the experts, the victims were infected after they visited a tourism website that hosted the Angler exploit kit.

Some of the computers were also redirected to domains hosting other exploit kits such as Neutrino and Magnitude in order to server further malicious code.

The infected machines were forced to browse sites to generate ad revenue, as well as, to visit a number of pro-Russia videos.

malvertising pro Russia Angler exploit kit

One of the videos promoted through the malvertising campaign is related to the Russian position on the dispute with the Ukraine in Crimea, meanwhile others are related to Russian political and military issues. The technique allows bad actors to collect around 320,000 views for each video.

The choice of the Bedep malware is not casual, bad actors exploited its ability to use a hidden virtual desktop on the infected computer and runs a fully-featured Internet Explorer instance, in this way the victims will never notice the visits to the propaganda videos and websites hosting advertisements.

“The objective of ad fraud is to generate fake traffic to ads and receive compensation based on traffic volume. Obviously, more compromised computers leads to more traffic directed to the ads which leads to more revenue for the fraudster. Usually the party that pays for ad views will perform validity checks to filter out invalid ad impressions.” states the report.

Researchers at Trustwave also discovered that threat actors behind the malvertising campaign is selling traffic from the infected machines to other criminal crews that use it to redirect it to compromised websites.

The videos have been removed from DailyMotion at the time I’m writing.

Pierluigi Paganini

(Security Affairs – malvertising, Russia)