
Cloaked Malvertising: Unmasking Complex Fingerprinting and Evading Detection

In an escalating digital arms race, malvertisers have unveiled a new wave of sophisticated tactics that employ an advanced cloaking technique to evade detection. Threat actors are targeting specific IT programs, such as remote access tools and scanners, by creating malicious ads that appear on popular search engines such as Google, revealed security experts at Malwarebytes.

What’s happening?

The malvertising campaign involves creating ads for legitimate-sounding domains.
  • These ads lead to landing pages that use sophisticated fingerprinting to identify and filter out potential security researchers or virtual machines.
  • These pages employ multiple layers of checks, including server-side IP checks and client-side fingerprinting, to ensure that the victim is not a researcher or using a virtual machine. 
  • The fingerprinting process collects various browser properties, time zone information, rendering capabilities, and other data. 
  • If the victim passes these checks, they are redirected to a malicious landing page where they can download the malware payload.
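
For defenders, the layered checks above mean the same ad click can return different content depending on who is asking. The following is an added example, not code from Malwarebytes or the original article: it compares what different vantage points received for the same ad URL and flags divergence. All URLs, profile names, response bodies and the similarity threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed observations: the same ad click URL fetched from different
# vantage points. Hosts, profiles and bodies are made up for illustration.
OBSERVATIONS = [
    {"ad_url": "https://ad.example/click?id=1", "profile": "datacenter-ip/vm",
     "final_url": "https://tool-reviews.example/blog", "body": "welcome to our blog about it tools"},
    {"ad_url": "https://ad.example/click?id=1", "profile": "residential-ip/bare-metal",
     "final_url": "https://tool-download.example/get", "body": "download installer now setup.exe"},
    {"ad_url": "https://ad.example/click?id=2", "profile": "datacenter-ip/vm",
     "final_url": "https://vendor.example/product", "body": "official product page download trial"},
    {"ad_url": "https://ad.example/click?id=2", "profile": "residential-ip/bare-metal",
     "final_url": "https://vendor.example/product?utm=ad", "body": "official product page download trial"},
]

def jaccard(a, b):
    """Token-set similarity between two response bodies (1.0 = identical sets)."""
    ta, tb = set(a.lower().split()), set(b.lower().split())
    return len(ta & tb) / len(ta | tb) if ta | tb else 1.0

def detect_cloaking(observations, min_similarity=0.5):
    """Return ad URLs whose landing host or content differs across profiles."""
    by_ad = defaultdict(list)
    for obs in observations:
        by_ad[obs["ad_url"]].append(obs)
    findings = {}
    for ad_url, group in by_ad.items():
        reasons = []
        # Different final hosts for the same ad suggest conditional redirection.
        hosts = {urlparse(o["final_url"]).hostname for o in group}
        if len(hosts) > 1:
            reasons.append("final host differs: " + ", ".join(sorted(hosts)))
        # Compare every other profile's content against the first one seen.
        base = group[0]
        for other in group[1:]:
            sim = jaccard(base["body"], other["body"])
            if sim < min_similarity:
                reasons.append(f"content similarity {sim:.2f} between "
                               f"{base['profile']} and {other['profile']}")
        if reasons:
            findings[ad_url] = reasons
    return findings

if __name__ == "__main__":
    for ad, reasons in detect_cloaking(OBSERVATIONS).items():
        print(ad, "->", "; ".join(reasons))
```

A flagged ad is a lead for manual review rather than a verdict, since legitimate sites also vary content by region or device.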

Why use cloaking?

The use of advanced cloaking techniques in malvertising campaigns allows threat actors to evade detection and keep their malicious infrastructure online for longer periods. The tactic also affects takedown actions, as platforms may need to validate reports before suspending advertising accounts.

Conclusion

The use of advanced cloaking techniques and sophisticated fingerprinting processes allows malicious ads to remain undetected and deliver malware payloads to unsuspecting victims. To safeguard against ever-evolving malvertising tactics, security experts must prioritize regular website security audits, robust traffic analysis, and anomaly detection. Continuous monitoring for unauthorized code injection is crucial to thwarting the persistent malvertising menace.
Cyware Publisher
