Malvertising campaigns continue to rage around the web, but the latest campaign shows that non-browser-based applications can also be hit.
Skype, the popular messaging platform, feeds ads into its interface to monetize its free service. Recently, F-Secure noticed an unusual spike in activity stemming from the AppNexus ad platform, which serves advertising for Skype, among other applications.
“It was interesting to note that having the ad displayed in a platform external to the browser did not mean that the browser was no longer accessible and thus the user could no longer be affected,” the firm noted in its overview. “Typical browser visits were there, of course, which means that this attack was not targeted towards Skype users.”
Other popular websites that redirected to adnxs.com were gaming-related sites (wowhead.com, gsn.com, zam.com, wikia.com), news sites (dailymail.co.uk) as well as internet portals like msn.com.
This particular campaign ended up redirecting to the Angler exploit kit, which went on to install the ransomware known as TeslaCrypt. TeslaCrypt was first designed to target computers that have specific computer games installed—but has since widened its purview. The trojan will encrypt all files and lock victims out of their systems, and then ask for ransom for the decrypt key, which can vary between $150 and $1,000 worth of bitcoin.
This is of course just the latest malware campaign. Just last week, visitors to celebrity gossip portal TMZ were threatened with malware hidden in innocuous-looking online ads, according to security researchers.
The entertainment portal was one of many victims of a major malvertising campaign that also affected several other popular sites, including the Jerusalem Post and film review site Rotten Tomatoes.
The cyber-criminals in that case were using content delivery platform CloudFlare to hide their back-end server’s location and encrypt ad delivery, according to Malwarebytes senior researcher, Jerome Segura.
Photo © AmsStudio/Shutterstock.com