Welcome to the

AdGuardian Plus Blog


Malvertising campaign affected millions of innocent users

Malicious websites and malvertising

A malvertising campaign was behind the breach of more than 120 servers over the past year. “Tag Barnakle” managed to inject code in order to show malicious ads. The ads would redirect users to malicious websites, exposing them to malware or scamware.

What is a malvertising campaign?

A malvertising campaign is the practice hackers use to incorporate malware in online ads. Usually, operators infiltrate the ad-tech systems, buy space on legitimate websites and then run malicious ads. In order to do this, they use “convincing personas”.

But Tag Barnakle is different, as it can bypass this step. Thus, it manages to “mass compromise the ad serving infrastructure,” according to Eliya Stein, Confiant security researcher.

Stein mentioned that this leap comes after the same campaign managed to compromise 60 servers in April last year. The infections targeted the open-source Revive advertising server.

An upgrade to reach different devices

The malvertising campaign seems to follow the same path, but the attackers have upgraded their tools. They can now target mobile devices, whereas last year they focused only on desktop computers. “Tag Barnakle is now pushing mobile targeted campaigns,” Stein added.

During this campaign, websites that receive ads through hacked servers use users’ data and later deliver a JavaScript payload. The payload then redirects users to malicious websites. The main purpose is to lure them to a fake app store.

There, they list fake apps (security, safety, or VPN) that also carry hidden subscription costs. Also, some of them hijack the traffic for a second time.

According to Confiant, the reach of Tag Barnakle might be “hundreds of millions of devices.” This is because a significant number of ad platforms and media companies use Revive’s server solution.

Stein considers this a “conservative estimate,” as hackers lure their victims with low frequency. The reason is “to slow down detection of their presence.”

Laurentiu Titei