Main Malvertising Campaign Identified: 300 Million Browser Sessions Hijacked in 48 Hours

Nov 30, 2018

 

A major malvertising campaign is being carried out that is redirecting web users to phishing and cheat websites. Although malvertising campaigns are nothing new, this one stands out because of the size of the campaign. In 48 hours, over 300 million users have had their browsers redirected to malevolent web pages.

The campaign was found by scientists at a cybersecurity company Confiant on November 12. The scientists noted that the actor behind this campaign had been trailed and was found to have been carrying out campaigns continuously since August; nevertheless, the latest campaign is on a completely different level. Earlier, the scammer had carried out much smaller campaigns not involving level 1 publishers.

The campaign is aiming at mobile iOS appliances, mainly in the United States. Uses are convincingly redirected to a web page, which then redirects them to one more web site. Users are sent to a variety of different sites, even though mostly gift card cheat sites and adult content.

The click-through URL seemed to be play.google.com with the ad masquerading as a genuine Google Play app. The high quantity of clicks is partially because of the scammer using a top 5 marketing exchange. Two of the landing pages used were happy.hipstarclub.com and happy.luckstarclub.com, the latter was not being noticed as malevolent on VirusTotal.

A few of the landing pages offered false gift cards and prizes but were used to get confidential information such as names, email addresses, addresses, and other private data.

Confiant clarified that about 60% of its clients were impacted by the latest campaign, which is now being obstructed. Based on the 300 million redirects, and a conversion level of 0.1% which Confiant state is conservative, the campaign might have claimed about 300,000 sufferers. The cost of the advertisements was calculated to be about $200,000.

Since each sufferer is likely to have resulted in a payment of a few dollars, Confiant proposes this campaign has earned the attacker about $1 million in just 48 hours.