loader gif

eGobbler group target US users with a massive malvertising campaign

eGobbler group target US users with a massive malvertising campaign
  • A new malvertising campaign targeting US users’ personal and financial information was observed during the extended Presidents’ day weekend.
  • The massive malvertising campaign recorded over 800 million malicious ad impressions.

A new malvertising campaign targeting US users’ personal and financial information was observed during the extended Presidents’ day weekend. Researchers from Confiant observed over 800 million malicious ad impressions as a part of the massive malvertising campaign.

How does the malvertising campaign work?

  • Once the victims click on the malicious ads, they will be redirected to a wide variety of phishing sites.
  • The phishing sites will trick victims into entering personal as well as financial information such as names, addresses, contact information, payment card details etc.
  • The collected information will then be used by cybercriminals to perform various malicious operations, to conduct spear phishing email campaign, or to sell the stolen credentials in the darb web to other crooks.

“Landing pages for these types of campaigns tend to rotate, but the ones we've seen were not malware loaders. Instead, they were more phishing-oriented,” Jerome Dangu, CTO at Confiant, told ZDNet.

eGobbler group behind the malvertising campaign

Confiant researchers noted that eGobbler group is behind the massive malvertising campaign. They further stated that eGobbler’s malicious ads were designed to target only US users.

“Although these attackers have been around for months, they concentrated their efforts over the Presidents' Day holiday weekend, correctly assuming that they would be successful during a time when ad operations teams are offline or less available to troubleshoot security issues,” Confiant said.

Ad blockers not the best solution

In an interview with the CTO of Confiant, ZDNet enquired if ad blockers are a good solution for blocking malicious ads from loading inside users’ browsers, for which the Confiant CTO answered that blocking ads might not be the best solution for the health of the Internet in the long term.

“We wouldn't take the stance that ad blockers are positive because that's not a solution against ad-fraud but rather a recipe for killing the advertising industry as we know it. Put simply, we encourage executives across [the ad] industry to adopt solutions like ours in order to prevent the need for an ad-blocker,” the CTO said.

In other words, the Confiant CTO stated that if ad networks would do a better job at policing their ads, users wouldn't have the need to block ads in the first place.

loader gif