The Tag Barnakle malvertising group is hacking into Revive ad servers to inject and deliver malicious advertisements on unwary visitors.
Most online publishers use hosted ad server platforms such as Google Ad Manager to deliver their ads, but some still prefer to use self-hosted ad serving platforms to have greater control and flexibility on how they display their ads.
One open-source self-hosted platform that has been around for the past ten years is called the Revive ad server.
Just like any application, Revive has had its share of vulnerabilities that can be used to inject malicious advertisements into web sites that utilize the ad server.
In a new report by advertising security firm Confiant, we can see how one malvertiser known as Tag Barnakle is mass-compromising Revive ad servers to inject their own code into a publisher's existing advertising campaigns.
"In recent months, we have seen a wave of malvertisements that are attached to Revive creatives spanning dozens of instances of ad servers, including those owned and operated by publishers and ad networks," Confiant security researcher Eliya Stein explained in a report.