A mysterious hacker group has been taking over ad servers for the past nine months to insert malicious ads into the servers' ad inventory. These ads redirect users to malware download sites.
This clever hacking campaign was discovered last month by cyber-security firm Confiant and appears to have been running for at least nine months, since August 2019.
Confiant says hackers have targeted advertising networks running old versions of the Revive open-source ad server. Hackers breach outdated Revive servers and silently append malicious code to existing ads.
Once the tainted ads load on legitimate sites, the malicious code hijacks and redirects site visitors to websites offering malware-laced files -- usually disguised as Adobe Flash Player updates.
Confiant says it identified around 60 Revive ad servers that have been compromised by this hacker group -- which the company has codenamed Tag Barnakle.