An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team.
Threat actors behind a malvertising campaign are explicitly targeting mobile web users, redirecting Android owners to websites where crooks mine Monero using the Coinhive service while the user is busy solving a CAPTCHA.
A group of cyber-criminals created 28 fake ad agencies and bought over 1 billion ad views in 2017, which they used to deliver malicious ads that redirected unsuspecting users to tech support scams or sneaky pages peddling malware-laden software updates or software installers.
A US senator has asked the White House to look into the threat that malicious ads, also known as malvertising, pose to US government networks and computers.
Google announced plans today for three new Chrome security features that will block websites from sneakily redirecting users to new URLs without the user or website owner's consent. One of these features has the potential to stop malvertising attacks.
When you think you've seen it all, malware authors always find a way to impress you. Today's "that's clever!" moment comes courtesy of a criminal group that's been spreading a new version of the Zeus Panda banking trojan since June of this year.
On Wednesday, and probably the previous days, Equifax's credit report assistance website (aa.econsumer.equifax.com) was caught redirecting users to all sorts of nasty websites that were peddling fake Flash Player update files laced with adware, fake Android and iOS updates, and scam sites offering products at cheap prices.
A malvertising group nicknamed KovCoreG by security researchers has been using fake browser and Flash updates to trick users into installing the Kovter malware.
Peteris Sahurovs, a Latvian hacker known as "Sagade," was extradited to the US and appeared in a Minneapolis court today on accusations of running a scareware operation that netted the crook and his partners over $2 million.
A malvertising campaign detected on a popular forum is forcibly downloading an Android app on users' devices, which later installs a second app with more intrusive features and which is almost impossible to remove without flashing the user's phone.
Malicious ads displayed in Google search results for Target — the US retailer — redirected users to a tech support scam.
Ad blockers, our last hope against the onslaught of malvertising campaigns, appear to have fallen, as today, Malwarebytes published new research detailing a malvertising campaign that successfully bypasses ad blockers to deliver its malicious payload.
King of copy-paste exploits, the Sundown exploit kit, has been offline since March 8, and this also includes most of its variations, according to security researcher Kaffeine and Jérôme Segura of Malwarebytes.
It appears that for at least one day, Skype has served malicious ads, which in turn pushed a fake Flash Player update onto users. The malicious ads came to light after Reddit and Twitter users complained about Skype forcing a Flash Player update down their throats.
Microsoft has patched a zero-day vulnerability that was used in the massive AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.
Security researchers from Malwarebytes have discovered a new malvertising campaign targeting visitors of several adult websites, spreading the Ramnit trojan and focusing on users from Canada and the UK.
A malvertising campaign has specifically targeted and redirected Chrome users to a website they couldn't leave unless they agreed to install a rogue Chrome extension.
Reports released by different security vendors highlight that spam campaigns grew tremendously in 2016, as exploit kit activity fell after the three major players went down.
Facebook users in France are subject to a wave of malicious ads, which, if clicked, will redirect them to a website hosting a tech support scam.