Cyber-criminals have been using the HiBids advertising platform to deliver malicious advertisements to millions of victims worldwide in a large-scale malvertising and banking Trojan campaign, as reported by researchers at Check Point.
These malicious ads can infect the viewer's PC or mobile device with malware such as crypto-miners, ransomware, or banking Trojans. As detailed in a recent blog post, the campaign, allegedly orchestrated by Master134, involved redirecting stolen traffic from over 10,000 compromised WordPress sites and selling it to Adsterra, a real-time bidding ad platform.
Adsterra then passed on the traffic to advertising resellers like ExoClick, AdKernel, EvoLeads, and AdventureFeeds, who in turn sold it to the highest-bidding ‘advertiser.’ However, these advertisers were not legitimate companies but rather criminals seeking to distribute various forms of malware, including ransomware, banking Trojans, and bots. This deceptive tactic allowed infected ads to appear on numerous publishers’ websites globally.
The campaign's success hinged on the advertisers appearing legitimate, which deceived both the online advertising industry and unsuspecting internet users. Check Point observed approximately 40,000 clicks per week on these malicious ads during the ongoing campaign, illustrating the significant impact of cyber-criminals exploiting online advertising for malicious purposes.
As threat actors continue to evolve their attack methods, researchers anticipate more of these types of campaigns in the future. The involvement of seemingly legitimate online advertising companies raises concerns about the industry’s role in ensuring public safety. The researchers pose a critical question: how can users be certain that the advertisements they encounter on legitimate websites are not intended to harm them?
The discovery of this malicious campaign underscores the importance of vigilance and cybersecurity measures in the digital landscape. Safeguarding against malvertising and banking Trojan attacks requires a collaborative effort between cybersecurity professionals, online advertising platforms, and internet users to mitigate the risks posed by cyber-criminals.