• Hackers are now attacking old ad servers to run malicious ads directly.
• Researchers say hackers have been using open-source ad server Revive.
• Up to 1.25 million ad impressions from Revive have been compromised daily.

Hackers continue to draw attention as they deploy new strategies to carry out their nefarious activities.

Cybersecurity firm Confiant has exposed the operation of a mysterious hacker group that breaks into ad servers with the sole intent of running malicious ads straight from the networks.

A New Direct Hacking Method

The hacker group found a flaw in old Revive ad servers that allows them to break into networks running on the server, Confiant reports. Once they gain access, they attach malicious code to existing ads and watch the ads roll out. Revive is an open-source ad serving system that has been in operation for well over a decade.

As soon as an infected ad gets onto legitimate sites, the code immediately redirects the site’s visitors to websites loaded with malware-infected files. These files are usually disguised as Adobe Flash Player updates.

Confiant said it noticed the trend last August, and the number of occurrences has only increased since then. The hacker group, which Confiant named Tag Barnakle, has infected at least 60 old Revive servers. Tag Barnakle has loaded its malicious ads on thousands of sites.

Confiant researcher Eliya Stein noted,

“If we take a look at the volumes behind just one of the compromised RTB ad servers — we see spikes of up to 1.25 [million] affected ad impressions in a single day.”

Confiant also points out that Tag Barnakle’s operating format presents a bit of a break from the norm. Most malvertising companies create fake entities and purchase ads on legitimate sites, then change the ads’ code later. These companies also sometimes have help from shady ad networks that have enabled them in the past. However, Tag Barnakle is choosing to attack the ad servers directly.

Phishing and Malware Attacks Continue to Run Rampant

The report comes amid a wave of new fears over the propagation of scams and cyberattacks across the United States and several other developed countries. In the wake of the coronavirus, cyber attackers have been on the prowl and have escalated the scale of their attacks significantly.

Currently, phishing and malware attacks appear to be the most prominent methods used by these coronavirus hackers.

Earlier this week, the Microsoft Security Intelligence team issued a warning to users to be mindful of a new “Trickbot” malware that’s been taking advantage of the pandemic.

According to the researchers, hackers are now posing as the “USA Volunteer Organization” and the “USA Humanitarian Group” and are sending out phishing emails disguised as coronavirus testing information. Each email comes with an attachment that seeks to unleash the Trickbot malware on the victim’s computer. The researchers also warned that several phishing campaigns have been using the remote working theme to encourage victims to share their personal and financial information.

Jimmy Aki

Based in the UK, Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system. He's an economic researcher with outstanding hands-on and heads-on experience in Macroeconomic finance analysis, forecasting, and planning. He has honed his skills having worked cross-continental as a finance analyst, which gives him inter-cultural experience. He has a strong passion for regulation and macroeconomic trends as it allows him to peek under the global bonnet to see how the world works. Follow him on Twitter: @adejimi
