Another HookAds Malvertising Campaign has been reported to be active recently, which is redirecting the potential visitors to the Fallout Exploit Kit. Following the activation, the kit will strive to capitalize on the known susceptibilities in Windows to download & install malicious malware in the infected system.
The malign malware include DanaBot banking Trojan, GlobeImposter Ransomware and the Nocturnal information & data stealer.
The HookAds Malvertising Campaign acquires contemptible ad space on cheap quality ad networks that are commonly used by online games sites, adult web sites or blackhat SEO Sites. These pernicious ads include JavaScript that redirects the innocent visitors through a string of tempting sites.
One such enticing site was discovered last week by Exploit Kit Expert nao_sec.
The sites resemble the pages filled with online games, local advertisements or other low quality pages. Unaware of the vicious malware hidden, visitors will unknowingly load the Fallout Exploit Kit in its system. Following this accidental download, the kit will then attempt to install its Malware Payload.
According to the Exploit Kit Expert nao_sec, the two HookAds Malvertising Campaigns were exposed last week. One of the campaigns was discovered on 8th November that aimed at distributing password stealing DanaBot banking Trojan.
Another Malvertising Campaign that installed the Nocturnal data stealer and GlobeImposter Ransomware was discovered on 10th November.
In case the redirected visitor is running Internet Explorer Browser, the Fallout Exploit Kit will try to abuse Windows CVE-2018-8174 VBScript susceptibility to install Malware payload.
One such HookAds Malvertising Campaign was reported in November 2016 that leveraged alluring adult portals to distribute malware. The rogue infrastructure behind HookAds showed how top visited adult sites were being injected with new scoundrel ad domains.
Visitors to the adult portals were redirected to the decoy secondary site via a simple Malvertising string. The statistics estimated that around one million visitors to the adult portals were bared to the Malvertising campaign of November 2016.
The traffic was then funneled to one of the many enticing adult websites where an adult banner iframe was implanted dynamically.
The non-targets were smartly served a banner ad that redirects them to other adult portals, surprisingly via licit ad networks. Another malicious script served by the same server redirected the users to RIG Exploit Kit.
The HookAds Malvertising Campaign is still active and running with new reprobate ad domains getting registered each day.
Therefore, it is mandatory that users ensure all Windows security updates installed in order to protect themselves and their system from potential vulnerabilities.
Hits: 132
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.