Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2022-09-24 | 0 | Microsoft Edge Found Serving Malicious Tech Support Scam Ads - Slashdot | ||
| Details | Website | 2022-09-15 | 2 | Microsoft Edge’s News Feed ads abused for tech support scams | ||
| Details | Website | 2022-09-14 | 38 | Malvertising on Microsoft Edge's News Feed pushes tech support scams | ||
| Details | Website | 2022-08-25 | 0 | Why Antivirus May Be the Only Real Weapon Against Malvertising - Integral Defence | ||
| Details | Website | 2022-08-17 | 0 | Malvertising and the Problems with False Positives | ||
| Details | Website | 2022-08-16 | 93 | SocGholish Malware: Script Injections, Domain Shadowing, IPs & Obfuscation Techniques | ||
| Details | Website | 2022-08-08 | 30 | Underminer Exploit Kit: The More You Check The More Evasive You Become | ||
| Details | Website | 2022-08-03 | 2 | IOTW: Microsoft links Raspberry Robin malware to hacking group EvilCorp | ||
| Details | Website | 2022-07-19 | 33 | Anomali Cyber Watch: H0lyGh0st Ransomware Earns for North Korea, OT Unlocking Tools Drop Sality, Switch-Case-Oriented Programming for ChromeLoader, and More | ||
| Details | Website | 2022-07-13 | 0 | Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware | ||
| Details | Website | 2022-07-12 | 272 | ChromeLoader: New Stubborn Malware Campaign | ||
| Details | Website | 2022-07-05 | 0 | cleanAD’s Threat Mitigation Language: What It Is, What It Isn’t, and How It's Changing the Game | ||
| Details | Website | 2022-06-16 | 2 | The Phish Goes On | ||
| Details | Website | 2022-06-08 | 156 | MakeMoney malvertising campaign adds fake update template | ||
| Details | Website | 2022-06-07 | 7 | ChromeLoader: a pushy malvertiser | ||
| Details | Website | 2022-06-06 | 15 | Phishing tactics: how a threat actor stole 1M credentials in 4 months | ||
| Details | Website | 2022-06-03 | 7 | Understanding REvil: REvil Threat Actors May Have Returned (Updated) | ||
| Details | Website | 2022-03-21 | 9 | A Whirlwind Tour Of Crypto Phishing | ||
| Details | Website | 2022-03-21 | 5 | Behold, a password phishing site that can trick even savvy users | ||
| Details | Website | 2022-03-16 | 23 | DirtyMoe: Worming Modules - Avast Threat Labs | ||
| Details | Website | 2022-02-18 | 2 | Distribution of Magniber Ransomware Stops (Since February 5th) - ASEC BLOG | ||
| Details | Website | 2022-02-18 | 3 | Top 5 recommendations for preventing ransomware for 2022 | ||
| Details | Website | 2022-02-16 | 7 | Playing with AsyncRAT | ||
| Details | Website | 2022-02-11 | 2 | Avast Threat Labs releases Q3 2022 Threat Report | ||
| Details | Website | 2022-01-12 | 27 | Exploit Kits vs. Google Chrome - Avast Threat Labs |