Confiant alerts our customers whenever significant, widespread malvertising attacks occur in the programmatic ecosystem. Confiant’s threat intelligence team sent our clients a malvertising attack alert about an attack served through video provider VDO.AI, and also notified VDO of the malvertising issue. The malicious script rotates malvertising chains that either redirect the page or install a "pop-under" that triggers when users click anywhere on the page. Landing pages include malware (via PopAds) and porn websites (via ExoClick and others).
Confiant identified that video provider VDO.AI was serving a malicious third-party dependency, likely due to an infrastructure compromise.
On December 24, Confiant identified the malicious domain as reypelis[.]tv. Confiant notified VDO.AI of the issue. Two days later we observed that the malicious script had been removed.
From December 20, 2022 to December 26, 2022.
- Direct publisher integrations
- Programmatic demand
- Geographies: Not targeted
- Targeting: Not targeted
- Reach: The malicious domain loads on every occurrence of VDO.AI's video player. Some cloaking conditions appear to limit execution to specific environments. Our analysis is still ongoing.
Malvertising Attack Through VDO.AI: Source Confiant
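For publishers checking their own pages against the indicator above, the following added example (not Confiant's code) scans a captured network log for the reported domain and reconstructs which tag on the page pulled it in. The `{ url, initiator }` record shape, the `publisher.example` and `player.example` hosts, and all sample entries are assumptions constructed for illustration.

```javascript
// Added example: sample data is constructed; player.example is a placeholder.
const IOC = "reypelis[.]tv"; // indicator as published above (defanged)

// Convert a defanged indicator back to a plain hostname for matching.
function refang(indicator) {
  return indicator.replace(/\[\.\]/g, ".").toLowerCase();
}

// Match the domain itself or any subdomain, never a bare string suffix.
function hostMatches(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === domain || h.endsWith("." + domain);
}

// entries: [{ url, initiator }], initiator = URL that triggered the request.
// Returns one chain per flagged request, ordered page -> ... -> flagged URL.
function findLoadChains(entries, indicator) {
  const domain = refang(indicator);
  const parentOf = new Map(entries.map((e) => [e.url, e.initiator]));
  const chains = [];
  for (const e of entries) {
    let host;
    try { host = new URL(e.url).hostname; } catch { continue; } // malformed URL
    if (!hostMatches(host, domain)) continue;
    const chain = [e.url];
    const seen = new Set(chain);
    for (let cur = e.initiator; cur && !seen.has(cur); cur = parentOf.get(cur)) {
      chain.unshift(cur); // walk upward; `seen` stops initiator cycles
      seen.add(cur);
    }
    chains.push(chain);
  }
  return chains;
}

// Constructed network log: a page loads a player tag, which pulls the dependency.
const D = refang(IOC);
const SAMPLE = [
  { url: "https://publisher.example/article", initiator: null },
  { url: "https://player.example/player.js", initiator: "https://publisher.example/article" },
  { url: `https://${D}/constructed.js`, initiator: "https://player.example/player.js" },
  { url: `https://not${D}/constructed.js`, initiator: "https://publisher.example/article" },
];

for (const chain of findLoadChains(SAMPLE, IOC)) console.log(chain.join("\n  -> "));
```

The lookalike host in the last sample entry is deliberately not flagged, which is why the match is on a domain boundary rather than a substring.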
Preventing Malvertising Ongoing
By providing industry-leading protection against malvertising, disruptive ads, and privacy risks, Confiant empowers premium ad platforms and publishers with actionable data to ensure the digital ad ecosystem is safe and secure for everyone.
Learn more at our Malvertising Attack Matrix: https://matrix.confiant.com/