Welcome to the AdGuardian Plus Blog

News

Malvertising campaign affected millions of innocent users

Malicious websites and malvertising

A malvertising campaign was behind the breach of more than 120 servers over the past year. “Tag Barnakle” managed to inject code in order to show malicious ads. The ads would redirect users to malicious websites, exposing them to malware or scamware.

What is a malvertising campaign?

A malvertising campaign is the practice hackers use to incorporate malware in online ads. Usually, operators infiltrate the ad-tech systems, buy space on legitimate websites and then run malicious ads. To do this, they use “convincing personas”.

But Tag Barnakle is different, as it can bypass this step. It manages to “mass compromise the ad serving infrastructure,” according to Eliya Stein, a security researcher at Confiant.

Stein mentioned that this leap comes after the same campaign managed to compromise 60 servers in April last year. The infections targeted the open-source Revive advertising server.

An upgrade to reach different devices

The malvertising campaign seems to follow the same path, but its operators have upgraded their tools. They can now target mobile devices, whereas last year they focused only on desktop computers. “Tag Barnakle is now pushing mobile targeted campaigns,” Stein added.

During this campaign, websites that receive ads through hacked servers use users’ data and later deliver a JavaScript payload. The payload then redirects users to malicious websites. The main purpose is to lure them to a fake app store.

There, the operators list fake apps (security, safety, or VPN) that also carry hidden subscription costs. Some of them also hijack the traffic a second time.

According to Confiant, the reach of Tag Barnakle might be “hundreds of millions of devices.” This is because a significant number of ad platforms and media companies use Revive’s server solution.

Stein considers this a “conservative estimate,” as hackers lure their victims with low frequency. The reason is “to slow down detection of their presence.”

Laurentiu Titei
About author

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.