Popular streaming website DailyMotion has been at the crosshairs of an intrusive malvertising campaign that spews malicious adverts.
Security researchers at security company Malwarebytes have uncovered a sophisticated malvertising campaign targeting various .eu based websites for several days until the payload was triggered when DailyMotion was hit.
In a blog post, senior security researcher Jérôme Segura said:
This particular malvertising attack is one of a few campaigns we have been tracking which is much more sophisticated than the average incidents we encounter daily.
We can say that lately threat actors have really stepped up their game in terms of being very stealthy and making a particular ad call look benign when reproduced in a lab environment.
A malvertising campaign routinely makes use of transactions based in online advertising and high-speed bidding. Also, such campaigns take advantage of the advertising process that brings an ad to a website that often involves several steps and organizations.
Here’s how the malvertising process works:
- Initially, scammers develop an advert that sends a user through multiple redirects to a website hosting a malware exploit kit, when clicked on.
- An automated process of bidding on advertising space is then initiated, before being sold through a broker or a third party via real-time bidding.
- The third party then claims the winning ad to display it throughout the advertising paltform’s ad space on the host page.
- Altogether, four or more entities can be involved in the entire process.
- The frenzied nature of real-time bidding and the presence of a faux advertisement that is infact malicious are easily missed.
Indeed, the problem comes when we suspect foul play but can’t prove it with a live infection. It is difficult to convince ad networks to take action, when on the surface there’s nothing wrong with a particular advertiser.
The researchers at MalwareBytes commended the efforts of online media exchange platform Atomix, who were seen in the ad call. Highlighting their concerns, the incident was resolved when all the necessary parties involved were called upon, with prompt action taken to remove the malicious advertisement.