Malvertisers Redirecting To Scam Sites Via Browser Zero-day

Researchers with Confiant Security are reporting that “ScamClub” malvertisers are exploiting a browser zero-day to redirect traffic to scam sites. Their report says: “Active for at least several years now, ScamClub malvertisements are defined mainly by forced redirections to scams that offer prizes to ‘lucky’ users, like the all too ubiquitous ‘You’ve won a Walmart giftcard!’ or ‘You’ve won an iPhone!’ landing pages. Over the last 90 days, ScamClub has delivered over 50MM malicious impressions, maintaining a low baseline of activity augmented by frequent manic bursts — with as many as 16MM impacted ads being served in a single day.” Cybersecurity experts offer their thoughts.

Expert Comments

February 17, 2021
Garret F. Grajek
CEO
YouAttest

It's important to note that the malware that is being implanted into these browsers can also contain multiple payloads. That is, the payload may not just be confined to malvertising material - but can also contain more traditional enterprise attacking payloads where corporate and other credentials are collected and directed back to the command and control center. These traditional credential collectors can be used to attack BOTH individuals and enterprises.

This is why enterprises need to ensure that they are able to monitor their accounts and account privileges for nefarious usage and for nefarious privilege escalation that may result from these browser-based attacks or other identity manipulation means.

February 17, 2021
Saryu Nayyar
CEO
Gurucul

The recent revelation of a Malvertising group leveraging an exploit in the commonly used WebKit framework is concerning, while the very existence of a Malvertising group like ScamClub shows, again, how malicious actors have turned cybercrime into a lucrative business. Attacks like this can be a challenge to mitigate for home users, beyond keeping their patches up to date and relying on an ISP-provided or 3rd party service to block known malicious DNS domains. Organizations have a similar challenge with the sheer volume of malicious ads, but can benefit from enabling the same techniques and security analytics that can help identify malicious activities by their behaviors.
