Researchers have discovered a sophisticated malicious advertising network targeting both Mac and Windows users through dozens of high-traffic sites.
According to Cisco’s Talos Security Research team, the malvertising network—nicknamed ‘Kyle and Stan’—was found to be capable of mutating and of spreading spyware, adware and browser hijackers.
The group of researchers reported that the major network could potentially reach millions, with more than 700 malicious domains from 74 large websites, including amazon.com, youtube.com, www.winrar.com and ads.yahoo.com.
Researchers say the online malware ads have made 9,541 connections since the network’s detection in May, but it’s likely “just the tip of the iceberg.”
The attack is carried out by redirecting unsuspecting users to a different website based on the type of operating system used. “Once the victim gets redirected to the final URL, the website automatically starts the download of a unique piece of malware for every user,” said security researcher Armin Pelkmann.
“The file is a bundle of legitimate software, like a media-player, and compiles malware and a unique-to-every-user configuration into the downloaded file.” Pelkmann adds that the attackers rely heavily on social engineering techniques to lure users into installing the software packages, with no drive-by exploits used thus far.
Additionally, researchers warn the attacks are still ongoing and “it is not too farfetched that other kinds of malware are being used, as well.”
Tripwire security researcher Ken Westin said, “Just like any tech-savvy business, cybercriminals will take advantage of tools at their disposal, replicating the same technology used to power legitimate ad networks.”
“This type of attack can be thwarted by running frequent checks for the URLs that the ad links are pointing to. There are many automated ways to monitor malicious URLs but the businesses hosting the ads should take the responsibility of monitoring outgoing links.”
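One way a publisher could run the outgoing-link check described above, shown as an added example that is not code from Talos, Tripwire or this article. It assumes a crawler has already followed each ad link under a Windows and a Mac browser profile and recorded the final URL, response headers and a body hash; every name, host and record below is constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data; hosts use the reserved .example TLD.
APPROVED = {"shop.example"}  # landing hosts the publisher has vetted (assumption)
DOWNLOAD_TYPES = {"application/octet-stream", "application/x-msdownload",
                  "application/x-apple-diskimage"}

def obs(ad, profile, url, headers, sha):
    return {"ad": ad, "profile": profile, "final_url": url,
            "headers": headers, "body_sha256": sha}

ATTACH = {"Content-Disposition": "attachment; filename=player.exe"}
OBSERVATIONS = [
    obs("ad-clean", "windows", "https://shop.example/offer", {"Content-Type": "text/html"}, "c0"),
    obs("ad-clean", "mac", "https://shop.example/offer", {"Content-Type": "text/html"}, "c0"),
    obs("ad-sus", "windows", "https://win-dl.example/get", ATTACH, "a1"),
    obs("ad-sus", "windows", "https://win-dl.example/get", ATTACH, "b2"),
    obs("ad-sus", "mac", "https://mac-dl.example/get",
        {"Content-Type": "application/x-apple-diskimage"}, "d3"),
]

def is_download(headers):
    """True when the final response hands the browser a file instead of a page."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip()
    return h.get("content-disposition", "").startswith("attachment") or ctype in DOWNLOAD_TYPES

def audit(observations, approved_hosts):
    """Return {ad_id: sorted list of findings} for the recorded fetches."""
    hosts = defaultdict(lambda: defaultdict(set))    # ad -> profile -> final hosts
    hashes = defaultdict(lambda: defaultdict(list))  # ad -> profile -> download hashes
    findings = defaultdict(set)
    for o in observations:
        host = (urlsplit(o["final_url"]).hostname or "").lower()
        hosts[o["ad"]][o["profile"]].add(host)
        if host not in approved_hosts:
            findings[o["ad"]].add("unapproved_host")
        if is_download(o["headers"]):
            findings[o["ad"]].add("auto_download")
            hashes[o["ad"]][o["profile"]].append(o["body_sha256"])
    for ad, per_profile in hosts.items():
        # Different landing hosts for different operating systems.
        if len({frozenset(h) for h in per_profile.values()}) > 1:
            findings[ad].add("os_dependent_redirect")
    for ad, per_profile in hashes.items():
        # Repeated fetches under one profile that never return the same file.
        if any(len(v) > 1 and len(set(v)) == len(v) for v in per_profile.values()):
            findings[ad].add("unique_file_per_fetch")
    return {ad: sorted(findings[ad]) for ad in hosts}
```

The `unique_file_per_fetch` finding matters for triage because a download that changes on every request will not match a static hash blocklist.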