S
sinu
Thread author
According to The Trust Media team, a malicious SWF file was downloaded on the victim's computers when accessing a video page. The malicious file was hosted on the brtmedia.net domain and was imitating a video player.
This SWF file executes its malicious load only on lesser known sites, avoiding large video platforms, where security teams continually search their sites looking for problematic ads.
The actual attack happens when the SWF file injects JavaScript code in the page where the video ad is supposed to display, simulating a winning ad bid, but actually loading a 1px by 1px hidden iframe.
This iframe loads a popup window that scans the user's computer settings and prompts him with a message to update some of his local software.
If the user is careless to click on the popup, he will download malicious software packed with PUPs and other malware.
Read More : Malvertising Has Now Spread to Video Ads
This SWF file executes its malicious load only on lesser known sites, avoiding large video platforms, where security teams continually search their sites looking for problematic ads.
The actual attack happens when the SWF file injects JavaScript code in the page where the video ad is supposed to display, simulating a winning ad bid, but actually loading a 1px by 1px hidden iframe.
This iframe loads a popup window that scans the user's computer settings and prompts him with a message to update some of his local software.
If the user is careless to click on the popup, he will download malicious software packed with PUPs and other malware.
Read More : Malvertising Has Now Spread to Video Ads
