Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2019-11-21 | 13 | The cybercrime ecosystem: attacking blogs | ||
| Details | Website | 2019-11-05 | 33 | New Capesand Exploit Kit Reuses Public Exploits, Tools | ||
| Details | Website | 2019-11-04 | 2 | WP-VCD: The Malware You Installed On Your Own Site | ||
| Details | Website | 2019-10-01 | 2 | Fileless Botnet Novter Spread Via KovCoreG Campaign | ||
| Details | Website | 2019-09-30 | 2 | Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects | ||
| Details | Website | 2019-09-24 | 46 | OSX/Shlayer new Shurprise.. unveiling OSX/Tarmac | ||
| Details | Website | 2019-09-04 | 26 | Glupteba Hits Routers and Updates C&C Servers | ||
| Details | Website | 2019-09-03 | 1 | Nemty Ransomware Gets Distribution from RIG Exploit Kit | ||
| Details | Website | 2019-09-03 | 16 | New social engineering toolkit draws inspiration from previous web campaigns | Malwarebytes Labs | ||
| Details | Website | 2019-08-16 | 0 | Beers with Talos Ep. #59: The tardy episode | ||
| Details | Website | 2019-08-02 | 34 | SystemBC is like Christmas in July for SOCKS5 Malware and Exploit Kits | Proofpoint US | ||
| Details | Website | 2019-07-31 | 73 | Malvertising: Online advertising's darker side | ||
| Details | Website | 2019-07-30 | 68 | Exploit kits: summer 2019 review | Malwarebytes Labs | ||
| Details | Website | 2019-07-10 | 30 | Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil - Avast Threat Labs | ||
| Details | Website | 2019-06-27 | 82 | Welcome Spelevo: New exploit kit full of old tricks | ||
| Details | Website | 2019-06-20 | 17 | Threat Source newsletter (June 20, 2019) | ||
| Details | Website | 2019-05-10 | 0 | Threats target financial institutions, fintech, and cryptocurrencies | Malwarebytes Labs | ||
| Details | Website | 2019-05-02 | 0 | Cryptojacking in the post-Coinhive era | Malwarebytes Labs | ||
| Details | Website | 2019-04-30 | 281 | Buhtrap backdoor and Buran ransomware distributed via major advertising platform | WeLiveSecurity | ||
| Details | Website | 2019-04-19 | 0 | Security researcher MalwareTech pleads guilty | ||
| Details | Website | 2019-04-16 | 10 | Massive eGobbler Malvertising Campaign Leverages Chrome Vulnerability To Target iOS Users | ||
| Details | Website | 2019-04-11 | 6 | The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack | Imperva | ||
| Details | Website | 2019-03-26 | 17 | Plugin vulnerabilities exploited in traffic monetization schemes | Malwarebytes Labs | ||
| Details | Website | 2019-03-19 | 6 | Shlayer Purveyor VeryMal Renounces Steganography In Favor Of Google Firebase As Malvertisers Shift… | ||
| Details | Website | 2019-03-12 | 5 | Examining Powload’s Evolution |