Common Information
| Type | Value |
|---|---|
| Value |
Malvertising - T1583.008 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-08-13 | 21 | Common Malware Loaders - ReliaQuest | ||
| Details | Website | 2024-08-12 | 5 | MacOS is Increasingly Targeted by Threat Actors | ||
| Details | Website | 2024-08-07 | 5 | Malvertising, or malicious advertising | ||
| Details | Website | 2024-08-07 | 5 | The Risks of Parked Domains | Bitsight | ||
| Details | Website | 2024-08-06 | 3 | Fake Google Authenticator Website Installs Malware | ||
| Details | Website | 2024-08-05 | 13 | 5th August – Threat Intelligence Report - Check Point Research | ||
| Details | Website | 2024-08-05 | 9 | Cyber Threat Landscape: 2024 Paris Olympic Games | ||
| Details | Website | 2024-08-02 | 1 | Weekly Cyber Threat Intelligence Summary | ||
| Details | Website | 2024-08-01 | 59 | DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain | Infoblox | ||
| Details | Website | 2024-08-01 | 1 | Fake Google Authenticator ads lure users to download malware on GitHub | ||
| Details | Website | 2024-08-01 | 7 | Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft | ||
| Details | Website | 2024-08-01 | 0 | 2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | ||
| Details | Website | 2024-07-31 | 0 | SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor | ||
| Details | Website | 2024-07-30 | 3 | "ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team | ||
| Details | Website | 2024-07-30 | 49 | UNC4393 Goes Gently into the SILENTNIGHT | Google Cloud Blog | ||
| Details | Website | 2024-07-22 | 0 | Beware for Mac malware using fake Microsoft Teams accounts — Techdrive Support | ||
| Details | Website | 2024-07-18 | 0 | Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate | Recorded Future | ||
| Details | Website | 2024-07-17 | 1 | Q2 2024: HUMAN Product Releases | ||
| Details | Website | 2024-07-16 | 39 | Satori Threat Intelligence Alert: Konfety Spreads ‘Evil Twin’ Apps for Multiple Fraud Schemes | ||
| Details | Website | 2024-07-16 | 0 | The Party’s Over: HUMAN’s Satori Threat Intelligence and Research Team Cleans up “Konfety” Mobile Ad Fraud Campaign | ||
| Details | Website | 2024-07-10 | 136 | FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered. 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns. - Silent Push | ||
| Details | Website | 2024-07-02 | 269 | Exposing FakeBat loader: distribution methods and adversary infrastructure | ||
| Details | Website | 2024-07-02 | 0 | Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers | Recorded Future | ||
| Details | Website | 2024-07-01 | 0 | HUMAN a Leader in The Forrester Wave™: Bot Management Software, Q3 2024 | ||
| Details | Website | 2024-06-12 | 10 | Insights on Cyber Threats Targeting Users and Enterprises in Brazil | Google Cloud Blog |