HookAds Malvertising
News | 11/14/2018

HookAds Malvertising Uses Fallout Exploit Kit to Distribute Malware

About: A HookAds Malvertising Campaign is reported to have been redirecting the users to Fallout Exploit Kit using local adverts, online games and adult portals. Once the kit is activated, it attempts to exploit known vulnerabilities in Windows & installs m...  Read More  

| News | HookAds Malvertising Uses Fallout Exploit Kit to Distribute Malware

Another HookAds Malvertising Campaign has been reported to be active recently, which is redirecting the potential visitors to the Fallout Exploit Kit. Following the activation, the kit will strive to capitalize on the known susceptibilities in Windows to download & install malicious malware in the infected system.

 

The malign malware include DanaBot banking Trojan, GlobeImposter Ransomware and the Nocturnal information & data stealer.

Insight in HookAds Malvertising Campaign

The HookAds Malvertising Campaign acquires contemptible ad space on cheap quality ad networks that are commonly used by online games sites, adult web sites or blackhat SEO Sites. These pernicious ads include JavaScript that redirects the innocent visitors through a string of tempting sites.

 

One such enticing site was discovered last week by Exploit Kit Expert nao_sec.

HookAds temp1

The sites resemble the pages filled with online games, local advertisements or other low quality pages. Unaware of the vicious malware hidden, visitors will unknowingly load the Fallout Exploit Kit in its system. Following this accidental download, the kit will then attempt to install its Malware Payload.

 

According to the Exploit Kit Expert nao_sec, the two HookAds Malvertising Campaigns were exposed last week. One of the campaigns was discovered on 8th November that aimed at distributing password stealing DanaBot banking Trojan.

 

Another Malvertising Campaign that installed the Nocturnal data stealer and GlobeImposter Ransomware was discovered on 10th November.

 

In case the redirected visitor is running Internet Explorer Browser, the Fallout Exploit Kit will try to abuse Windows CVE-2018-8174 VBScript susceptibility to install Malware payload.

Connection with the Previous Campaign

One such HookAds Malvertising Campaign was reported in November 2016 that leveraged alluring adult portals to distribute malware. The rogue infrastructure behind HookAds showed how top visited adult sites were being injected with new scoundrel ad domains.

 

Visitors to the adult portals were redirected to the decoy secondary site via a simple Malvertising string. The statistics estimated that around one million visitors to the adult portals were bared to the Malvertising campaign of November 2016.

 

The traffic was then funneled to one of the many enticing adult websites where an adult banner iframe was implanted dynamically.

 

The non-targets were smartly served a banner ad that redirects them to other adult portals, surprisingly via licit ad networks. Another malicious script served by the same server redirected the users to RIG Exploit Kit.

Conclusion

The HookAds Malvertising Campaign is still active and running with new reprobate ad domains getting registered each day.

 

Therefore, it is mandatory that users ensure all Windows security updates installed in order to protect themselves and their system from potential vulnerabilities.

Hits: 125

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866