The use of Hibids advertising platform, the cyber criminals have been delivering the malicious advertisements to over millions of victims around the world in a very huge scale malvertising and baking Trojan campaign, according to the researchers at Check Point.
These malicious advertising ahs infected the PC or mobile devices of the people who are viewing the ads with malware, such as a crypto-miner, ransomware or a banking Trojan. Master134, the criminals have reported to be responsible for this campaign, who has stolen the traffic by redirecting them from over 10,000 hacked WordPress websites, then they have successfully sold it to Adsterra, the real time bidding (RTB) ad platform, according to the today’s blog post.
From there, the Adsterra has sold that traffic to advertising platform such as the Exoclick, AdKernel, EvoLeads and AdventureFeeds, which passed it on to the highest-bidding ‘advertiser.’ “Our discovery revealed an alarming partnership between a threat actor disguised as a Publisher and several legitimate Resellers that leverage this relation to distribute a variety of malware which have included the Banking Trojans, ransomware and bots,” researchers wrote.
During the campaign, which is yet active, the Check Point has reportedly seen 40,000 clicks per week on these malicious ads. Cyber criminals, who have measure the return on investment of their ad spend by comparing it to the money they make from crypto mining and ransom, are compromising the legitimate business of online advertising, exploiting it to display the malware-infected ads.
“We can’t help but wonder — is the online advertising industry is responsible for the public’s safety? Indeed, how can we be certain that the advertisement we encounter while visiting a legitimate websites are not meant to harm us?” the researcher wrote.