A malicious campaign has been targeting premium publishers using malvertising that looks like legitimate ads for popular retailers, according to The Media Trust.
Researchers today published a blog post explaining that a large-scale malicious campaign attempted to exploit 44 adtech vendors with the ultimate goal of attacking the millions of customers who visit 49 of the Alexa 500 premium publisher sites.
Nearly 80% of the devices targeted were running iOS. In the more than 600,000 attacks that were detected and analyzed, researchers found that unsuspecting visitors didn’t even need to click on any of the ads. Simply by visiting the sites, they were redirected to malicious content prompting them to enter their login credentials. This campaign is reportedly unique because of the malware’s adaptability.
“The group behind the attack had designed an adaptive campaign so that as soon as one malware and supply chain route was identified and terminated, another attack would immediately ensue using different malware and alternative supply chain routes,” researchers wrote.
“Each time attacks were identified and foiled, new ones would launch using other ad formats, fire up new supply chain routes, and employ unique code obfuscation techniques.”
Researchers also said, “combining resources that fed into the entire solution was key,” and they suspect that victims who visited less-monitored sites likely had some of their credentials compromised.