Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-01-21 | 9 | Threat actors exploiting malvertising and brand spoofing to deploy infostealers and propagate fraud — Silent Push Threat Intelligence | ||
| Details | Website | 2024-01-15 | 10 | Risky Biz News: Chinese APT hacks 30% of Cisco RV320/325 routers | ||
| Details | Website | 2024-01-09 | 3 | A Year in Review: 2023 HUMAN Product Releases | ||
| Details | Website | 2024-01-01 | 113 | The Mac Malware of 2023 👾 | ||
| Details | Website | 2023-12-20 | 11 | Risky Biz News: FBI disrupts AlphV/BlackCat ransomware; | ||
| Details | Website | 2023-12-08 | 0 | HTC confirms cyber attack | ||
| Details | Website | 2023-11-20 | 1 | Risky Biz News: DIALStranger vulnerabilities disclosed after four years | ||
| Details | Website | 2023-11-20 | 0 | Black Friday & Cyber Monday | A Guide to Avoiding Cyber Scams During the Holidays | ||
| Details | Website | 2023-11-17 | 10 | Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware | ||
| Details | Website | 2023-11-17 | 0 | Visa: AI Adds to the Cyberthreats Holiday Shoppers Will Face | ||
| Details | Website | 2023-11-17 | 0 | — | ||
| Details | Website | 2023-11-16 | 0 | Adware activity doubles in Q3 | ||
| Details | Website | 2023-11-16 | 19 | We all just need to agree that ad blockers are good | ||
| Details | Website | 2023-11-16 | 21 | Avast Q3/2023 Threat Report - Avast Threat Labs | ||
| Details | Website | 2023-11-15 | 0 | How to stay protected on the web this holiday season | ||
| Details | Website | 2023-11-13 | 101 | 安全事件周报 2023-11-06 第45周 - 360CERT | ||
| Details | Website | 2023-11-10 | 2 | New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers - RedPacket Security | ||
| Details | Website | 2023-11-10 | 9 | Google ads push malicious CPU-Z app from fake Windows news site - RedPacket Security | ||
| Details | Website | 2023-11-10 | 5 | Risky Biz News: Clop is coming after your SysAid servers | ||
| Details | Website | 2023-11-09 | 2 | New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers | ||
| Details | Website | 2023-11-09 | 0 | New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers | ||
| Details | Website | 2023-11-09 | 9 | Trojanized CPU-Z app on fake Windows news site pushed by Google | ||
| Details | Website | 2023-11-09 | 9 | Google ads push malicious CPU-Z app from fake Windows news site | ||
| Details | Website | 2023-11-09 | 9 | Google ads push malicious CPU-Z app from fake Windows news site | ||
| Details | Website | 2023-11-08 | 0 | Experts Expose Farnetwork's Ransomware-as-a-Service Business Model - RedPacket Security |