Category: Confiant – Medium

Introduction ScamClub is a prolific threat actor in the programmatic ad space known to carry out large-scale attacks with the purpose of scamming and defrauding their victims. ScamClub utilizes real-time bidding (RTB) integration with ad exchanges to push malicious JavaScript…

Read more →

Brand impersonation and “cloaked” call-centers scale the scam up to more than 50,000 people. Scammers raking in upwards of $800 per victim. Successful malvertising campaigns have two key components: cloaking and churn. Normal security efforts will look at a few websites…

Read more →

Over the last few years, as AdTech and browser security has continued to mature, many malvertisers have moved on from forced redirect campaigns that target premium publishers and top-tier advertising platforms. The ones that are left, however, typically have little…

Read more →

Over the last few years, as AdTech and browser security has continued to mature, many malvertisers have moved on from forced redirect campaigns that target premium publishers and top-tier advertising platforms. The ones that are left, however, typically have little…

Read more →

The DatalyMedia Cookie Dragon (source: MidJourney) Confiant’s broad coverage in ad tech gives us visibility on some of the darkest corners of the ecosystem. We are strong believers that to truly fight malvertisers, we have to understand their motives. Sometimes…

Read more →

image generated using OpenAI DALL·E models Intro While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants…

Read more →

Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker. In Internet parlance, “old” has a much younger meaning — domains, virtual servers, image assets — everything is now or never. So much so that many security vendors rely heavily…

Read more →

Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker. Continue reading on Confiant » This article has been indexed from Confiant – Medium Read the original article: CashRewindo: How to age domains for an investment…

Read more →

This article has been indexed from Confiant – Medium Photo by Michael Trimble on Unsplash Our previous blog provided an overview of Web3 phishing techniques and tactics, all of which continue to be relevant despite a recent economic downturn in the…

Read more →

This article has been indexed from Confiant – Medium Photo by Sara Kurfeß on Unsplash During the course of our work at Confiant, we see malicious activity on a daily basis. What matters the most for us is the ability to: Protect…

Read more →

This article has been indexed from Confiant – Medium The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”, and “NFT” have become household terms and the sector is growing so fast…

Read more →

This article has been indexed from Confiant – Medium In this blog post we take a trip downstream from malvertising delivery mechanisms and take a close up look at a fake Flash update landing page that was used to deliver…

Read more →

This article has been indexed from Confiant – Medium Photo by Hacker Noon on Unsplash What is Malvertising? A relatively new threat vector, Malvertising is a cyber-attack relying on ad networks and digital ads exposing virtually any internet user surfing the…

Read more →

This article has been indexed from Confiant – Medium Malvertising Threat Actor “Yosec” Exploits Browser Bugs To Push Malware (CVE-2021–1765, CVE-2021–30533) Most threat actors that operate via ad tech have embraced an operational shift over the last 2 years, leaning…

Read more →

This article has been indexed from Confiant – Medium Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising stock photo via Unsplash In this blog post we discuss an ongoing malvertising campaign that pushes search hijacking browser extensions. We take a…

Read more →

This article has been indexed from Confiant – Medium Photo by Lorenzo Lamonica on Unsplash At @ConfiantIntel we had some “luck” finding a new malware targeting the new Apple flagship M1 computers. I put “luck” between quotes, as we know when…

Read more →

Read the original article: Tag Barnakle One Year Later: 120+ More Revive Adserver Hacks Photo via Unsplash.com A year ago, we published a comprehensive disclosure that introduced Tag Barnakle, a threat actor whose specialty is the mass compromise of Revive…

Read more →

Read the original article: Tag Barnakle One Year Later: 120+ More Revive Adserver Hacks Photo via Unsplash.com A year ago, we published a comprehensive disclosure that introduced Tag Barnakle, a threat actor whose specialty is the mass compromise of Revive…

Read more →

Read the original article: Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801] Stock Photo Via Unsplash.com This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…

Read more →

Read the original article: Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801] Stock Photo Via Unsplash.com This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…

Read more →

Read the original article: Malvertising: Made in China via Pixabay (creative commons) Two loosely related cybercrime groups operating scores of fake ad agencies from China are so deeply embedded in the ad tech industry that they can launch attacks that…

Read more →

Read the original article: Malvertising: Made in China via Pixabay (creative commons) Two loosely related cybercrime groups operating scores of fake ad agencies from China are so deeply embedded in the ad tech industry that they can launch attacks that…

Read more →

Read the original article: Persistent malvertising attacker DCCBoost raged as the year faded 500k malicious ads served the week leading up to new years eve, over 25MM since. As Twenty-twenty was coming to a close, the Security and Threat Intelligence team…

Read more →

Read the original article: The Trend Of Client-Side Fingerprinting In Cloaked Landing Pages Photo by Alekon pictures on Unsplash This blog post will examine the client-side aspect of cloaking in non auto-redirect based malvertising chains. We will analyze the anatomy of…

Read more →

Read the original article: Browlock Malvertisers Abuse Unaddressed Denial-Of-Service Bugs That Sit Dormant For Years stock photo via Unsplash.com This blog post will dissect a tech support scam that we caught on a major publisher running via native-style tile ads,…

Read more →

Read the original article: Browlock Malvertisers Abuse Unaddressed Denial-Of-Service Bugs That Sit Dormant For Years stock photo via Unsplash.com This blog post will dissect a tech support scam that we caught on a major publisher running via native-style tile ads,…

Read more →

Read the original article: Internet Explorer CVE-2019–1367 Exploitation — part 3 Internet Explorer CVE-2019–1367 Exploitation — part 3 Shellcode Analysis Extracting shellcode of Magnitude Exploit KIT After successful exploitation of CVE-2019–1367, malicious Magnitude Exploit Kit shellcode instructions are executed. First stubs are a simple shellcode loader…

Read more →

Read the original article: Internet Explorer CVE-2019–1367 Exploitation — part 3 Internet Explorer CVE-2019–1367 Exploitation — part 3 Shellcode Analysis Extracting shellcode of Magnitude Exploit KIT After successful exploitation of CVE-2019–1367, malicious Magnitude Exploit Kit shellcode instructions are executed. First stubs are a simple shellcode loader…

Read more →

Read the original article: Internet Explorer CVE-2019–1367 In the wild Exploitation — prelude Internet Explorer CVE-2019–1367 In the wild Exploitation — prelude Photo by Darius Bashar on Unsplash CVE-2019–1367 background and in-the-wild exploitations There are some important aspects to know about CVE-2019–1367 before diving into…

Read more →

Read the original article: Internet Explorer CVE-2019–1367 Exploitation — part 1 Internet Explorer CVE-2019–1367 Exploitation — part 1 Extracting the Exploit from the PCAP In this section we will go through the process of extracting the exploit from the pcaps generously provided by malware-traffic-analysis. Luckily for…

Read more →

Read the original article: Internet Explorer CVE-2019–1367 Exploitation — part 2 Internet Explorer CVE-2019–1367 Exploitation — part 2 In Part1 we explained CVE-2019–1367 vulnerability root cause. In this part we will discuss how this bug was exploited in the wild to achieve code execution. We…

Read more →

Read the original article: Malvertising, Site Compromise, And A Status Report On Drive-by Downloads Photo by Tianyi Ma on Unsplash This blog post will explore the details behind a recent spree of website hacks and the malicious payloads that were embedded…

Read more →

Read the original article: Malvertising, Site Compromise, And A Status Report On Drive-by Downloads Photo by Tianyi Ma on Unsplash This blog post will explore the details behind a recent spree of website hacks and the malicious payloads that were embedded…

Read more →

Read the original article: Confiant & Protected Media Uncover Mobile Billing Malvertiser Dubbed ‘wapSiphone’ Photo by Kelly Sikkema on Unsplash The following blog post is a collaborative disclosure between Confiant and Protected Media around a new malvertising threat actor that leverages…

Read more →

Read the original article: Confiant & Protected Media Uncover Mobile Billing Malvertiser Dubbed ‘wapSiphone’ Photo by Kelly Sikkema on Unsplash The following blog post is a collaborative disclosure between Confiant and Protected Media around a new malvertising threat actor that leverages…

Read more →

Read the original article: Tag Barnakle: The Malvertiser That Hacks Revive Ad Servers, Redirects Victims To Malware Stock photo via unsplash.com When we discuss sophisticated malvertisers, we usually talk of savvy cybercriminal media buyers who spawn fake agencies and run…

Read more →

Read the original article: Tag Barnakle: The Malvertiser That Hacks Revive Ad Servers, Redirects Victims To Malware Stock photo via unsplash.com When we discuss sophisticated malvertisers, we usually talk of savvy cybercriminal media buyers who spawn fake agencies and run…

Read more →

Exploring The Impact Of Malvertising On Government, ISPs & The Fortune 100   Advertise on IT Security News. Read the complete article: Exploring The Impact Of Malvertising On Government, ISPs & The Fortune 100

Read more →

Exploring The Impact Of Malvertising On Government, ISPs & The Fortune 100   Advertise on IT Security News. Read the complete article: Exploring The Impact Of Malvertising On Government, ISPs & The Fortune 100

Read more →

Fake Celebrity-Endorsed Bitcoin Scam Abuses Ad Tech to Net $1M in 1 Day   Advertise on IT Security News. Read the complete article: Fake Celebrity-Endorsed Bitcoin Scam Abuses Ad Tech to Net $1M in 1 Day

Read more →

Fake Celebrity-Endorsed Bitcoin Scam Abuses Ad Tech to Net $1M in 1 Day   Advertise on IT Security News. Read the complete article: Fake Celebrity-Endorsed Bitcoin Scam Abuses Ad Tech to Net $1M in 1 Day

Read more →

Fake Celebrity-Endorsed Scam Abuses Ad Tech to Net $1M in One Day   Advertise on IT Security News. Read the complete article: Fake Celebrity-Endorsed Scam Abuses Ad Tech to Net $1M in One Day

Read more →

Trending Client-Side Innovations In Malvertising Payloads   Advertise on IT Security News. Read the complete article: Trending Client-Side Innovations In Malvertising Payloads

Read more →

Trending Client-Side Innovations In Malvertising Payloads   Advertise on IT Security News. Read the complete article: Trending Client-Side Innovations In Malvertising Payloads

Read more →