The ad server for a very popular video converter site was hacked to display malvertising that loads the GreenFlash Sundown exploit kit. This exploit kit would then drop the SEON Ransomware, Pony information stealing Trojan, and miners on a vulnerable computer.
Most web sites that utilize advertising will partner with an ad network that handles the ad serving. Some publishers, though, will utilize their own ad server and use it to display advertisements on their site.
In a new report, Malwarebytes explains that the threat actors behind the GreenFlash Sundown exploit kit are known to compromise a publisher’s ad server so that it display malvertising to visitors.