malvertising Archives

Threat actors have compromised 70,000 previously legitimate websites and created a powerful network capable of distributing malware.

Named VexTrio, this network of compromised websites appears to have started in 2017, but it’s only more recently that details around its activity have emerged. As well as distributing malware, the VexTrio network also utilizes phishing pages, and allows the VexTrio hackers to harvest login credentials. The campaign is a significant one, and one which is powerful enough to cause harm to anyone who gets caught up in its operations. Therefore, it’s time to take a look at the VexTrio campaign to see what we can learn.

Understanding the VexTrio Network

The VexTrio campaign relies on a malicious traffic distribution system (TDS) to lead unsuspecting internet users to compromised websites. A TDS is, in simple terms, a web application used to analyze and filter incoming traffic and, following the analysis, redirect it to a specific page. Typically, the activities of a TDS are facilitated by malvertising activities or malicious websites. VexTrio favors using malicious websites.

Working with a number of affiliates, many of whom offer access to hijacked websites, VexTrio has managed to amass a sizeable network over the last seven years. And VexTrio are very much the middle-man in the operation. For a fee, VexTrio will feed incoming traffic through their TDS and forward innocent victims towards the websites they’re mostly likely to be interested in. It’s very similar to legitimate advertising networks, but with a vicious sting in its tale.

The malicious websites which comprise the VexTrio network contain a wide range of threats. For example, one of the affiliates, known as ClearFake, tricks users into downloading what is claimed to be a browser update, but is little more than malware. SocGholish, another well-known malware threat, is part of the VexTrio network and uses it to push unauthorized access to corporate websites.

Don’t Fall Victim to VexTrio

The threat of VexTrio is a substantial one, and organizations need to be aware of the damage it can cause. Luckily, you can protect yourself and your IT systems by implementing the following best practices:

Use an adblocker: you can minimize the risk of being lured to a malicious website by installing an adblocker on your systems. Not only will this block annoying popups, but it will also block any malvertising threats from being activated. These adblockers are usually available as browser extensions e.g. Ghostery and AdBlock for Chrome.
Disable JavaScript: attacks launched through VexTrio often rely on JavaScript to execute their malicious tasks. Accordingly, disabling JavaScript will eliminate the chances of such an attack taking place on your system. However, JavaScript is essential for many legitimate websites, so it’s recommended that you allow it to run only on trusted sites.
Install anti-malware tools: if you install an anti-malware app, such as AVG, you benefit from tools which block malicious websites. These tools are connected to databases which are constantly updated to identify and block malicious websites, such as those featured in the VexTrio network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Bumblebee Malware Gives a Nasty Sting Through Google Ads

Ad-Blocker, Bumblebee, malvertising, malware, Ophtekad-blocker, Bumblebee, malvertising, malware, OphtekOphtek, LLC

Jun 2023

It’s difficult to avoid online ads these days. This makes them the perfect target for hackers. And this is what they have done with the Bumblebee malware.

It’s estimated that the average American is exposed to between 4,000 to 10,000 online ads a day. And each one of these ads has the potential to carry malware. Therefore, it’s not surprising that threat actors have started exploiting them. This recent attack, however, has also employed SEO poisoning in its campaign – this is a method by which hackers create malicious websites and tempt visitors there with high-demand keywords.

Bumblebee, then, is a credible threat to your organization and its IT systems. Consequently, it’s important that you know how it operates and, most importantly, how to avoid it.

What Do You Need to Know about Bumblebee?

First discovered in April 2022, the Bumblebee malware is classed as a ‘malware loader’ variant. This means that it is used to connect a remote attacker directly with the infected system. It’s believed that Bumblebee comes from the same hacking group behind BazarLoader. Bumblebee, however, is more powerful and is backed by enhanced stealth capabilities. So, not only is it capable of causing greater damage, it’s also harder to detect. This, as I’m sure you’ll agree, is the last thing any PC owner wants to hear.

The most common approach for Bumblebee is to use Google Ads to lay bait for unsuspecting PC owners. For example, a Google Ad promising a free SQL to NoSQL guide was used to redirect those who clicked it to a fake download page. We say “a fake download page” but it did, in fact, take people to a page where a download occurred. Instead of a free guide, though, it instead downloaded Bumblebee. This malware was then opened and, to reduce detection, loaded Bumblebee into the infected system’s memory.

Typically, Bumblebee has been targeting businesses rather than consumers. Ransomware, therefore, has been at the front of the threat actors’ operations. But this is achieved through highly detailed planning. Upon the initial infection, Bumblebee quickly downloads a series of malicious tools such as remote access services, network scanning apps and keystroke loggers. This strategy allows the attackers to identify weak spots and deploy ransomware where it will be most effective.

How Do You Beat Bumblebee?

All business owners can agree that ransomware is a headache they can do without. So, how do you keep your systems safe from the Bumblebee attack? Well, you may be surprised that the following tips make it very easy:

Use an ad-blocker: if you can block malicious ads, you’re blocking their opportunity to cause damage. The simplest way to achieve this is by installing an ad-blocker. These tools will minimize the number of adverts which can be shown and, instantly, reduce your risk of falling for a malicious ad.

Keep your software up to date: malicious ads often take advantage of vulnerabilities in outdated software. By keeping your web browser, operating system, and other software up to date, you can reduce your risk of falling victim to malvertising attacks.

Educate your staff on malicious ads: it’s very easy for busy employees to experience a momentary distraction, and this is when they are most likely to click on a malicious ad. However, with regular training, which includes examples, you can prime your staff to dismiss malicious ads the moment they see them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Glupteba Malware Returns With a Bang

Ad-Blocker, botnets, Glupteba, Google, malvertising, network activities, Ophtek, unauthorized proxiesad-blocker, botnets, Glupteba, google, malvertising, network activities, Ophtek, unauthorized proxiesOphtek, LLC

Jan 2023

Despite experiencing a major obstacle a year ago, in the form of Google’s anti-malware efforts, the Glupteba malware is back.

First discovered in 2011, Glupteba is a veteran of the malware scene, although one which goes through periods of intense activity before disappearing for years at a time. A classic botnet, Glupteba has always focused on stealing data, but it has also made sure it has a backup plan in the form of targeting router exploits. Therefore, the news of its re-emergence is troubling for your IT infrastructure. And, given that Glupteba has been updated to be even stronger than ever before, you’re going to need to be on high alert.

Thankfully, we’re on hand to look at this malware and provide some critical advice on how to protect your organization.

Glupteba’s Latest Campaign

Following Google’s disruption of Glupteba’s botnet, which operated on the blockchain, Glupteba went quiet for several months. However, in June 2022 it was discovered that a new campaign had been launched, one which remains active as of this time of writing. Glupteba’s latest strategy targets Windows devices and has set its sights on harvesting data, using infected devices to mine cryptocurrency and setting up unauthorized proxies.

Glupteba is transmitted via traditional infection methods which include malicious installers (typically promoting themselves as free software installers) and through malvertising campaigns. As Glupteba is blockchain enabled, this gives it the ability to constantly change the command and control servers it uses. And, as it uses blockchain transaction data (which cannot be erased) to facilitate its attack, it’s very difficult to make a dent in the power of Glupteba’s botnet. These attacks often employ TOR services as well, a move which makes tracing the attacks next to impossible.

Staying Safe from Glupteba

One word in particular keeps being used when discussing Glupteba’s latest campaign: resilient. The source of its resilience comes from its design, one that uses deception and stealth to protect its operators and ensure it continues to spread. But this doesn’t mean you need to fall victim to Glupteba. If you make sure you follow good cybersecurity practices, you should be able to keep your IT infrastructure safe. All you have to do is:

Understand the threat of malvertising: the internet is full of malicious adverts, but there are ways you can make your PC safer. The simplest way to do this is by installing an ad-blocker, these will block both irritating and malicious adverts, so it’s a win-win situation. Malvertising is also known to use exploits to spread its payload, so you need to make sure your browsers are fully patched and up to date.

Monitor network activity: as Glupteba is a botnet, its operations are likely to lead to a spike in network traffic. And, if unauthorized proxies have been set up, this network activity is likely to go stratospheric. Therefore, you need to keep your network activity monitored to help you analyze any anomalies which may act as an early warning system.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Different Types of Malware to Look Out For

botnets, fileless malware, malvertising, malware, Ophtek, Ransomware, spywarebotnets, fileless malware, malvertising, malware, Ophtek, ransomware, spywareOphtek, LLC

Oct 2020

The world of malware is a complex one due to the sheer variety of forms it can take. And it’s these differences which make it difficult to deal with.

The term malware is generally used as an all-encompassing term to describe a piece of malicious software. But, over the years, many different strains of malware have emerged as hackers evolve their tools and techniques. These strategies are often put into action to help avoid detection, but sometimes these new strains are the result of changes in technology.

Regardless of the reasons for developing a new malware variant, the end result is the same: a threat to your PC.

It’s vital that these threats are countered to protect your networks and your data; the best way to secure this safety is by understanding the different types of malware.

Identifying the Most Common Malware Variants
It’s difficult to put a precise number on all the malware strains that are out in the digital wild, but these are five of the most common forms:

1. Ransomware: One of the most debilitating forms of malware, in terms of finance and productivity, ransomware has generated many headlines over the last few years. It’s a type of malware which infects PCs and encrypts crucial files. The only way to decrypt these locked files is by paying a ransom, usually demanded in an untraceable cryptocurrency, in order to obtain a key for their release.

2. Malvertising: We all find online adverts irritating, but usually all we have to do is either close or mute the advert. With malvertising, however, things are more sinister. A new take on malware, malvertising laces legitimate online adverts with malicious files . And what’s most troubling about this malware strain is that it doesn’t require any user action e.g. clicking on the advert. If the advert runs then the malware is active.

3. Botnets: Hackers like to strengthen their attacks and one of the simplest ways for them to achieve this is by infecting large numbers of PCs. By collecting together whole networks of PCs, a hacker can use these numbers, and associated processing power, to launch large attacks on other networks and websites. These botnets are created through malware attacks and are causing particular problems within IoT networks.

4. Spyware: Data is crucial to organizations and, due to its value, is also highly prized by hackers. Not only can data be used to access secure systems, but financial data is extremely valuable. Therefore, hackers are keen to steal this data; spyware represents one of the easiest methods of achieving this. Once a PC is infected with spyware it’s every action is monitored, logged and transmitted e.g. keystrokes are recorded to reveal sensitive login details.

5. Fileless Malware: One of the more recent developments in malware, fileless variants are exactly what they sound like: no files necessary. Fileless malware sidesteps the traditional route of operating within the hard drive and, instead, works within a PCs memory. This is a clever approach as anti-malware software concentrates on hard drive activity. From the relative safety of a PCs memory, fileless malware leaves little evidence of its presence.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Threat of Malvertising

Securitymalvertising, malwareOphtek, LLC

Dec 2016

Some websites are seen as trusted, but malvertising is a new threat to the world of cyber security and may cause every website to be viewed with caution.

Now, we’ve all been irritated by online ads whilst trying to enjoy our favorite websites, but, with the advent of malvertising – short for malicious advertising – they’ve reached a new level of irritability. And it’s a threat that has the potential to affect everyone with popular sites such as Spotify and Reuters already falling victim.

As it’s such a new threat, it’s a good idea to familiarize yourself with the signs and symptoms of malvertising in order to protect your data and feel safe.

What is Malvertising?

Popular websites tend not to handpick their adverts and, instead, they turn to third party ad networks who are able to use complex algorithms and read cookies (tracking files left legitimately by websites) to deliver bespoke adverts to visitors.

And, what many people are unaware of, is that when you connect to sites such as Spotify and Reuters, you’re also connecting to a number of other web addresses and these can include third party ad networks. Naturally, this instantly provides a number of routes for hackers to exploit that the web user is completely unaware of.

With malvertising, hackers use these footholds to deliver malicious adverts which may appear to be genuine, but contain malware. Sometimes the web user will need to click on the ad to activate its payload, but many other forms of malvertising will embed scripts in the affected webpage to automate the execution and infect the user.

Malvertising is also particularly effective as it’s able to ascertain details of the user’s operating system and web browser which is crucial for hackers to launch specific attacks e.g. Firefox running on Windows XP will have different vulnerabilities to Internet Explorer running on Windows 8.

Hackers can also target specific individuals by infecting ads which use specific keywords e.g. a lawyer looking for “lawyer briefcase”, so this, again, highlights just how sophisticated and bespoke a method of hacking malvertising is.

Combatting Malvertising

Malvertising may be new, but it doesn’t mean you need to panic about being defenseless. In fact, if you follow the advice below then you should find you’re well protected from malvertising:

Keep your browsers updated – Internet browsers such as Chrome and Internet Explorer are designed with safety measures in place to identify websites exploited by malvertising. However, you need to ensure that your browser is up to date to ensure you’re protected from the latest threats.
Update Flash – We’ve discussed the security flaws in Abobe Flash before and it’s no surprise to discover that malvertising just loves to exploit Flash. Therefore, it’s crucial that all patches and updates are installed as soon as possible. Or, alternatively, just disable Flash from running at all times.
Use ad-blockers – Popular with many users, ad-blockers prevent ads from being displayed and prevent users clicking on them and activating malware. These may, however, block genuine adverts that are necessary, but these can easily be put on ‘exceptions’ lists.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Tag Archives: malvertising

What is Malvertising?

Combatting Malvertising