Skip to content

VeryMal Strikes Again With a New Twist on Its Complex Redirect Attack

By | Published

Sometimes… Oftentimes… They come back.

The redirect attacks, that is, something just about every publisher at AdMonsters’ Publisher Forum in Miami last week could attest to. And every one of those attendees has definitely thought to themselves, “Who the hell is doing this?”

Enter VeryMal, a relatively new malvertising group that’s been causing a great deal of havoc in 2019. On March 13, Confiant’s real-time malvertising scanner picked up a spike in redirects tied to Google’s Firebase, an evolution from VeryMal’s previous use of steganography.

However, the package delivered gave the culprit away: a forced redirect to a fake Flash installer that actually implants a Shlayer Trojan on a user’s device. Lasting around 36 to 48 hours, this attacked affected around 1 million users, with a taste for those on desktop Safari.

To learn more about the ne’er-do-wells behind the nuisance, we asked Confiant Senior Engineer Eliya Stein and CEO LD Mangin for more details on this latest attack and what makes VeryMal such a sophisticated attacker. We also got a peek into Confiant’s latest Demand Quality report (which we’ve written about before) and their mysterious new “Chief Quality Officer.”

Read Complete Article:

Share this story

Subscribe to our newsletter to stay up to date on the latest trends and emerging threats.

Take Us For A Spin

Request a trial and see how it feels to have Confiant on your side.

Get Started Free