HackDig : Dig high-quality web security articles for hackers

Malvertising On The Pirate Bay Drops Ransomware

2016-04-27 02:20

Popular torrent site The Pirate Bay was serving ransomware via a malvertising attack this week-end. The fraudulent advertiser was using a ‘pop-under’ to silently redirect users to the Magnitude exploit kit and infect them with the Cerber ransomware.

This is part of the same Magnitude EK malvertising campaigns we have documented previously on this blog. The ad network changes, but the modus operandi remains the same.



  • Publisher:
    • thepiratebay.se
  • Malvertising:
    • Fraudulent domain:
      • traffic.adxprts.com/?placement=[redacted]&redirect
      • delivery.adxprts.com/delivery.php?url=http%3A%2F%2Ftrafficholder.com%2Fin%2Fpop.php%3Fpenthubcom
    • Ad network:
      • trafficholder.com/in/pop.php?penthubcom
  • Magnitude EK Gates
    • gamesheep.me
    • veronagames.me

Magnitude EK:


Malwarebytes Anti-Exploit blocks this attack:


RiskIQ also spotted the same advertiser pushing fake software. That domain has now been obliterated by CloudFlare.

Source: p-eht-no-gnisitrevlam/40/6102/sisylana-taerht-stiolpxe/sisylana-taerht/gro.setyberawlam.golb

Read:3167 | Comments:0 | Tags:Exploits cerber magnitude EK ransomware The Pirate Bay TPB

“Malvertising On The Pirate Bay Drops Ransomware”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)