Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2023-02-09 | 10 | Cloud Credentials Phishing | Malicious Google Ads Target AWS Logins | ||
| Details | Website | 2023-02-09 | 119 | Bluepurple Pulse: week ending February 12th | ||
| Details | Website | 2023-02-08 | 1 | 146. I Am Extortionary (If You Ever Get To Know Me) | ||
| Details | Website | 2023-02-05 | 0 | Malvertising: How to Protect Yourself from Online Advertising Scams | ||
| Details | Website | 2023-02-02 | 0 | Meet A Human: Vikas Parthasarathy | ||
| Details | Website | 2023-01-31 | 0 | Strengthen Your Cybersecurity Posture in an Economic Downturn | ||
| Details | Website | 2023-01-24 | 16 | Anomali Cyber Watch: Roaming Mantis Changes DNS on Wi-Fi Routers, Hook Android Banking Trojan Has Device Take-Over Capabilities, Ke3chang Targeted Iran with Updated Turian Backdoor | ||
| Details | Website | 2023-01-20 | 37 | Malvertiser Makes the Big Bucks on Black Friday | ||
| Details | Website | 2023-01-19 | 24 | Traffic signals: The VASTFLUX Takedown | ||
| Details | Website | 2023-01-19 | 1 | How the VASTFLUX Takedown Benefits Programmatic Players | ||
| Details | Website | 2023-01-19 | 6 | Increased Activity in Google Ads Distributing Information Stealers | ||
| Details | Website | 2023-01-19 | 24 | Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results | ||
| Details | Website | 2023-01-18 | 124 | Fake Software Malvertising Spreads IcedID and Infostealers | HP Wolf Security | ||
| Details | Website | 2023-01-18 | 0 | Malvertising on Google Ads is a growing problem that isn’t going away | ||
| Details | Website | 2023-01-18 | 0 | Google Ads malvertising campaign prompts questions around Search security | IT PRO | ||
| Details | Website | 2023-01-17 | 1 | Your Guide on How Ransomware Spreads in Company Networks & on the Internet | ||
| Details | Website | 2023-01-17 | 32 | Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks | ||
| Details | Website | 2023-01-12 | 79 | Bluepurple Pulse: week ending January 15th | ||
| Details | Website | 2023-01-10 | 9 | Raspberry Robin's botnet second life | ||
| Details | Website | 2023-01-10 | 0 | HACKING | ||
| Details | Website | 2023-01-10 | 1 | Cyber threats 101: how to prevent file-based malware and botnets | ||
| Details | Website | 2023-01-09 | 1 | What is a Botnet attack and how does it work on a computer - | ||
| Details | Website | 2023-01-09 | 31 | Crypto-inspired Magecart skimmer surfaces via digital crime haven | ||
| Details | Website | 2023-01-08 | 1 | Search Results Contain Imposter Ads, FBI Warns | IT Security News | ||
| Details | Website | 2023-01-06 | 0 | How to stay safe while streaming Champions League matches |