A massive malvertising network has been infecting as many as one million computers per day with a variety of geo-focused banking trojans. Named AdGholas, researchers say that it has been operating since 2015, infecting thousands of victims every day using a sophisticated combination of techniques that include filtering and steganography. It was receiving high-quality traffic from a variety of high rank referrers, from more than twenty different AdAgency/AdExchange platforms. The result was that AdGholas was clocking one to five million hits every day, and of these, 10-20% were redirected to an exploit kit. Proofpoint uncovered the campaign, and alerted the involved ad networks. It found that the domains that were used were clones of real, legitimate sites belonging to Hotel Merovinjo in Paris, Ec-centre and Mamaniaca, and that its approach varied depending on user and geography.
View Full Story
ORIGINAL SOURCE: Info Security Magazine