![]() ![]() We studied three cases of the chain on Windows: Chrome, Firefox, and Microsoft Edge/Internet Explorer (Figure 1). It should be noted that both PornHub and Traffic Junky acted swiftly to remediate this threat upon notification. The infection chain in this campaign appeared on PornHub (Alexa US Rank 21 and world rank 38 as of this writing) and abused the Traffic Junky advertising network. This post looks at a recent KovCoreG campaign and describes what we know of the current state of their very active social engineering scheme. ![]() While we have discussed Kovter in the past, we have not had the opportunity to look in depth at an operation by KovCoreG (aka MaxTDS per FoxIT InTELL). We have recently looked at several of these groups including SadClowns, GooNky, VirtualDonna and AdGholas. To improve infection rates and better evade detection by vendors and researchers, threat actors have turned to advanced filtering techniques and social engineering instead of the widespread use of exploits.įew groups are able to infiltrate the advertising chain on the most visited websites. The attack has been active for more than a year and is ongoing elsewhere, but this particular infection pathway was shut down when the site operator and ad network were notified of the activity.ĭespite dramatic declines in exploit kit activity over the last year, malvertising remains a profitable enterprise for actors who can achieve sufficient scale and deliver malware effectively in a landscape where vulnerable machines are increasingly scarce. This attack chain exposed millions of potential victims in the US, Canada, the UK, and Australia, leveraging slight variations on a fake browser update scheme that worked on all three major Windows web browsers. Proofpoint researchers recently detected a large-scale malvertising attack by the so-called KovCoreG group, best known for distributing Kovter ad fraud malware and sitting atop the affiliate model that distributes Kovter more widely. ![]() Editor's Note: For more information on KovCoreG and Kovter, please see our actor profile here. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |