Cyber Criminals Are Hacking Ad Servers, Luring Victims to Malware-Infected Sites

Updated by Kyle Baird
In Brief
  • Hackers are now attacking old ad servers to run malicious ads directly.
  • Researchers say hackers have been using open-source ad server Revive.
  • Up to 1.25 million ad impressions from Revive have been compromised daily.
  • promo

    Developing the Next-generation DAO Operating System Read Now

Hackers have continued to attract attention in these times, as they appear to have deployed new strategies to conduct their nefarious activities.

Cybersecurity firm Confiant has exposed the operation of a mysterious hacker group that breaks into ad servers with the sole intent of running malicious ads straight from the networks.

Hack

A New Direct Hacking Method

The hacker group found a flaw in old Revive ad servers that allows them to break into networks running on the server, Confiant reports. Once they gain access, they attach malicious code to existing ads and watch the ads roll out. Revive is an open-source ad serving system that has been in operation for well over a decade.

As soon as an infected ad gets onto legitimate sites, the code immediately redirects the site’s visitors to websites loaded with malware-infected files. These files are usually disguised as Adobe Flash Player updates.

Confiant said it noticed the trend last August, and the number of occurrences has only increased since then. The hacker group — which Confiant named Tar Barnakle — has infected at least 60 old Revive servers. Tag Barnakle has loaded its malicious ads on thousands of sites.

Confiant researcher Eliya Stein noted,

“If we take a look at the volumes behind just one of the compromised RTB ad servers — we see spikes of up to 1.25 [million] affected ad impressions in a single day.”

Confiant also points out that Tar Barnakle’s operating format presents a bit of a break from the norm. Most malvertising companies create fake entities and purchase ads on legitimate sites, thus changing the ads’ codes in the future. These companies also sometimes have help from shady ad networks that have enabled them in the past. However, Tar Barnakle is choosing to attack the ad servers directly.

Phishing and Malware Attacks Continue to Run Rampant

The report is coming in the wave of new fears over the propagation of scams and cyberattacks across the United States and several other developed countries. In the wake of the coronavirus, cyber attackers have been on the prowl and have escalated the scale of their attacks significantly.

Currently, phishing and malware attacks appear to be the most prominent methods used by these coronavirus hackers.

Earlier this week, the Microsoft Security Intelligence team issued a warning to users to be mindful of a new “Trickbot” malware that’s been taking advantage of the pandemic.

According to the researchers, hackers are now posing as the “USA Volunteer Organization” and the “USA Humanitarian Group” and are sending out phishing emails disguised as coronavirus testing information. Each email comes with an attachment that seeks to unleash the Trickbot malware on the victim’s computer. The researchers also warned that several phishing campaigns have been using the remote working theme to encourage victims to share their personal and financial information.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.