MutantBedrog is a malvertiser that caught our attention early summer ’04 for their highly disruptive forced redirect campaigns and the unique JavaScript payload that they use to fingerprint devices and dispatch invasive redirections. While a comprehensive report on MutantBedrog’s TTPs…
Tag: Confiant – Medium
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
Introduction ScamClub is a prolific threat actor in the programmatic ad space known to carry out large-scale attacks with the purpose of scamming and defrauding their victims. ScamClub utilizes real-time bidding (RTB) integration with ad exchanges to push malicious JavaScript…
BadTrip: A chain of fake travel sites abuses search ads to commit fraud and credential theft
Brand impersonation and “cloaked” call-centers scale the scam up to more than 50,000 people. Scammers raking in upwards of $800 per victim. Successful malvertising campaigns have two key components: cloaking and churn. Normal security efforts will look at a few websites…
Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security has continued to mature, many malvertisers have moved on from forced redirect campaigns that target premium publishers and top-tier advertising platforms. The ones that are left, however, typically have little…
Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign
Over the last few years, as AdTech and browser security has continued to mature, many malvertisers have moved on from forced redirect campaigns that target premium publishers and top-tier advertising platforms. The ones that are left, however, typically have little…
Malvertiser Makes the Big Bucks on Black Friday
The DatalyMedia Cookie Dragon (source: MidJourney) Confiant’s broad coverage in ad tech gives us visibility on some of the darkest corners of the ecosystem. We are strong believers that to truly fight malvertisers, we have to understand their motives. Sometimes…