A Hong Kong-based advertiser has mounted a snowballing campaign, compromising more than 100 million ads to date by forming relationships with legitimate ad platforms to gain access to premium audiences. From there, it often pushes malware onto victim machines.
The malvertiser, operating under the name “fiber ads,” redirects those who view its advertisements to a variety of nefarious schemes.
“Anything is possible – the best-case scenario is a gift card or cellphone giveaway scam, but there is plenty of evidence that suggests a network of landing pages that carry much higher risk [from malware], such as tech support scams or fake anti-virus downloads,” said Eliya Stein, a senior security engineer at Confiant, in a posting on Wednesday.
Inklings of the campaign surfaced earlier in the year, with reports of malvertisements showing up through Windows 10 desktop applications. French security researcher and blogger Malekal for instance flagged unusual activity in April:
Upon further examination, Stein said it became apparent that ads within applications weren’t the only conduit for the attacker.