Jerome Dangu, CTO and Cofounder

 •  1 minute read

Malvertising Attack Through VDO.AI

Timely Alerts

Confiant alerts our customers whenever significant, widespread malvertising attacks occur in the programmatic ecosystem. Confiant’s threat intelligence team sent a malvertising attack alert to our clients about an attack served through video provider VDO.AI and a notification to VDO of the malvertising issue as well. The malicious script rotates malvertising chains that either redirect the page or install a "pop-under" that triggers when users click anywhere on the page. Landing pages include malware (via PopAds) and porn websites (via ExoClick and others).

Attack Information

Confiant identified that video provider VDO.AI was serving a malicious third-party dependency likely due to an infrastructure compromise. The malicious script rotates malvertising chains that either redirect the page or install a "pop-under" that triggers when users click anywhere on the page. Landing pages include malware (via PopAds) and porn websites (via ExoClick and others).

Video ad server VDO.AI has been exposing users to malvertising via a compromised JavaScript URL located at https://a.vdo[.]ai/core/assets/vdo.player.js

On December 24, Confiant identified the malicious domain as reypelis[.]tv. Confiant notified VDO.AI of the issue. Two days later we observed that the malicious script had been removed.

When

From December 20, 2022 to December 26, 2022.

How

  • Direct publisher integrations
  • Programmatic demand

Where

  • Geographies: Not targeted
  • Targeting: Not targeted
  • Reach: The malicious domain loads on every occurrence of VDO AI's video player. Some cloaking conditions seem to make it only execute in specific environments. Our analysis is still on-going.
Malvertising served through VOD.AI
Malvertising Attack Through VDO.AI: Source Confiant

Preventing Malvertising Ongoing

By providing industry-leading protection against malvertising, disruptive ads, and privacy risks Confiant empowers premium ad platforms and publishers with actionable data to ensure the digital ad ecosystem is safe and secure for everyone.

 

Not part of the Confiant customer community yet? Request a free trial today.

Learn more at our Malvertising Attack Matrix: https://matrix.confiant.com/