Visitors to gossip portal TMZ have become the latest netizens threatened with malware hidden in innocuous-looking online adverts, according to security researchers.
The entertainment portal has become the latest victim of a major malvertising campaign which has already affected several popular sites including the Jerusalem Post and film review site Rotten Tomatoes.
The cyber-criminals are using content delivery platform CloudFlare to hide their back-end server’s location and encrypt ad delivery, according to Malwarebytes senior researcher, Jerome Segura.
As always, this malvertising campaign we uncovered goes through multiple layers and ultimately redirects to a domain that belongs to ad platform SmartyAds,” he continued.
“Rogue actors are leveraging SmartyAds by creating fake identities and legitimate looking websites which hide a complex infrastructure of conditional traffic redirection.”
The campaign is particularly insidious because the booby-trapped ads are crafted so that if a user visited them directly or without a proper referrer then they would appear perfectly normal.
“This is the legitimate façade that these criminal actors want ad networks to see,” he added. “In fact, they are so good at it that without actual proof of malicious activity, it’s difficult to find anything wrong with them.”
When the “right user” visits a page on which malicious ads appear, the malware will perform a series of checks on their PC.
If the right conditions are met they’ll be redirected to the notorious Angler exploit kit, which will serve up a whole batch of exploits and malware – with some form of ransomware more than likely to be among these.
TMZ has around 30 million monthly visitors so this campaign has the potential to infect large volumes of web users.
The ads themselves cost just $0.19 for one thousand user impressions – making malvertising a cheap and effective way to compromise large numbers of netizens.
However, some experts are claiming that the growing popularity of ad blocking technology could spell the end for this type of attack.
Trend Micro’s 2016 predictions report, The Fine Line, claimed as much, arguing that users of the blocking technology increased by nearly 50% in the US last year.