Go to listing page

HookAds malvertising campaign found distributing malware via Fallout Exploit kit

HookAds malvertising campaign found distributing malware via Fallout Exploit kit
  • The first campaign was observed on November 8 and involved the distribution of the DanaBot banking trojan.
  • The second campaign was identified on November 10 and it spread the Nocturnal stealer malware and the GlobeImposter ransomware.

Two new HookAds malvertising campaigns have been observed redirecting users to the Fallout Exploit Kit. These campaigns are lately being used to distribute various different malware variants such as the banking trojan DanaBot, the information stealer Nocturnal and the GlobeImposter ransomware.

According to exploit kit expert nao_sec, the two attack campaigns were discovered last week. The first campaign was observed on November 8 and involved the distribution of the DanaBot trojan and the second campaign was identified on November 10. This campaign spread the Nocturnal stealer malware and the GlobeImposter ransomware.

How does the HookAds campaign work?

The HookAds campaign leverages adult portals to spread malware. The campaign involves an attacker purchasing an ad space on adult websites, online gaming sites and blackhat SEO sites that generate millions of visits a month. The ad space is injected with ads that contain malicious JavaScript and are native to the region. When a visitor clicks on the ad, the Fallout exploit kit is silently loaded onto his/her computer.

Once installed, the exploit kit attempts to exploit the Windows CVE-2018-8174 VBScript vulnerability. Upon a successful exploitation, it allows the Fallout kit to install other malicious payloads, Bleeping Computer reported.

Cyware Publisher

Publisher

Cyware