Widespread Malvertising Campaign Hijacks 300 Million Sessions

From threatpost.com

A massive malvertising campaign targeting iOS devices hijacked a whopping 300 million browser sessions in just 48 hours.

Researchers at Confiant recorded the campaign Nov. 12, and said that the threat actor behind the campaign is still active to this day.

According to researchers, those behind the malvertising campaigns typically inject malicious code into legitimate online ads and webpages, so when victims click those pages, they are forcefully redirected to a malicious page. In this case, the ad unit forcefully redirects mobile users to adult content and gift card scams.

Those included “forceful redirection to fake ‘You’ve Won a Gift Card’ or adult content landing pages,” Confiant CTO Jerome Dangu said in an analysis of the campaign, published Monday.

In this specific case, when users visited a web page, the malicious ad would execute embedded obfuscated JavaScript. Victims were then redirected to an array of malicious landing pages, including happy.hipstarclub[dot]com or happy.luckstarclub[dot]com. These landing pages typically impersonated Google Play apps, making them appear more legitimate, researchers said.
