Malware News AdGholas malvertising campaign hid malicious code in images to avoid discovery

Captain Awesome

May 7, 2016
In what researchers are calling a first, a massive malvertising campaign that infected thousands of people per day was relying on steganography – the art of hiding code in images – to conceal malware that was delivered to the victims in drive-by fashion.

Discovered in 2015 by Proofpoint, the campaign – dubbed AdGholas – was recruiting as many as one million client machines on a daily basis to conduct its operations until ceasing operations this month after the cybersecurity firm alerted affected advertising network operators.

Not all users who clicked on an AdGholas-delivered malicious ad were redirected to a malicious webpage and infected, according to a Proofpoint blog post. Indeed, AdGholas was cleverly designed to be highly discriminating, weeding out any machines on which it might be discovered, especially by a researcher, explained Patrick Wheeler, director of threat intelligence at Proofpoint, in an interview with SCMagazine.com.

To go after the average, less tech-savvy user, the perpetrators behind AdGholas used highly sophisticated filtering technologies to either eliminate or select prospective victims based on language settings, time zones, and browser configuration. The filtering mechanisms also sought out machines that contained specific software or drivers typically associated with certain computer brands that the attackers wanted to specifically target.
Read more here: AdGholas malvertising campaign hid malicious code in images to avoid discovery
 
