Last month, we wrote about a malvertising campaign showing that ad platforms, even on non-browser applications, are susceptible to malware attacks that push users towards the Angler exploit kit (EK).
Last week, we noticed yet another malvertising campaign, this time pushing users towards the Magnitude exploit kit.
We noticed the following ad platforms being used in redirection to Magnitude EK.
www.terraclicks.com
bestadbid.com
onclickads.net
popped.biz
click2.danarimedia.com
onclickads.net
ads.adamoads.com
One interesting observation about one of the ad platforms, click2.danarimedia.com, is that it is also used by some distributions of Conduit Toolbars, which are considered “potentially unwanted” because they usually come bundled with free software and force changes to browser settings.
The redirection from our upstream, from the same ad platform to Magnitude EK, is shown below.
This proves that we should not underestimate the power of Potentially Unwanted Applications (PUA). Even if a program started out as potentially unwanted, that does not mean attackers cannot take advantage of it to deliver other threats to the user’s machine. It is very possible that users could get redirected to exploit kits and eventually end up with a malware infection, which, for this particular exploit kit, is CryptoWall ransomware.
Our users are protected from these threats through the following detections: