HackDig : Dig high-quality web security articles for hacker

Malvertising On The Pirate Bay Drops Ransomware

2016-04-27 02:20

Popular torrent site The Pirate Bay was serving ransomware via a malvertising attack this weekend. The fraudulent advertiser was using a ‘pop-under’ to silently redirect users to the Magnitude exploit kit and infect them with the Cerber ransomware.

This is part of the same Magnitude EK malvertising campaigns we have documented previously on this blog. The ad network changes, but the modus operandi remains the same.

Flow:

  • Publisher:
    • thepiratebay.se
  • Malvertising:
    • Fraudulent domain:
      • traffic.adxprts.com/?placement=[redacted]&redirect
      • delivery.adxprts.com/delivery.php?url=http%3A%2F%2Ftrafficholder.com%2Fin%2Fpop.php%3Fpenthubcom
    • Ad network:
      • trafficholder.com/in/pop.php?penthubcom
  • Magnitude EK Gates:
    • gamesheep.me
    • veronagames.me
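
As an added example (not part of the original article), the flow above can be turned into a triage check over web-proxy logs: it unwraps redirect targets hidden in query parameters such as `delivery.php?url=...` and reports how far along the chain each client got. The log format, client IPs, `tracker.example.net` and the `placement` value are constructed assumptions; only the domains come from the list above.

```python
from urllib.parse import urlsplit, parse_qsl

# Indicators copied from the flow listed above.
MALVERT_DOMAINS = {"adxprts.com", "trafficholder.com"}
GATE_DOMAINS = {"gamesheep.me", "veronagames.me"}

def _split(url):
    # The article lists URLs without a scheme; add one so urlsplit finds the host.
    return urlsplit(url if "://" in url else "http://" + url)

def in_set(host, domains):
    # Match the domain itself or any subdomain, never a mere suffix ("notgamesheep.me").
    return any(host == d or host.endswith("." + d) for d in domains)

def embedded_urls(url, depth=3):
    """Yield URLs carried in query parameters (delivery.php?url=...), recursively."""
    if depth == 0:
        return
    for _, value in parse_qsl(_split(url).query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            yield value
            yield from embedded_urls(value, depth - 1)

def classify(url):
    """Return 'gate', 'malvertising' or None for one requested URL."""
    hosts = [(_split(u).hostname or "").lower() for u in [url, *embedded_urls(url)]]
    if any(in_set(h, GATE_DOMAINS) for h in hosts):
        return "gate"
    if any(in_set(h, MALVERT_DOMAINS) for h in hosts):
        return "malvertising"
    return None

def triage(records):
    """records: (client, url) pairs in time order -> {client: furthest stage seen}."""
    reached = {}
    for client, url in records:
        stage = classify(url)
        if stage == "gate" or (stage and client not in reached):
            reached[client] = stage
    return reached

# Constructed proxy-log sample (client IPs, tracker host and placement value are made up).
SAMPLE = [
    ("10.0.0.5", "http://thepiratebay.se/"),
    ("10.0.0.5", "http://traffic.adxprts.com/?placement=EXAMPLE&redirect"),
    ("10.0.0.5", "http://delivery.adxprts.com/delivery.php?url=http%3A%2F%2Ftrafficholder.com%2Fin%2Fpop.php%3Fpenthubcom"),
    ("10.0.0.5", "http://gamesheep.me/"),
    ("10.0.0.9", "http://tracker.example.net/out?u=http%3A%2F%2Ftrafficholder.com%2Fin%2Fpop.php%3Fpenthubcom"),
    ("10.0.0.7", "http://notgamesheep.me/"),
]
```

Clients reported as `gate` reached the exploit kit gates and are the ones to prioritize for endpoint inspection; `malvertising` means the ad chain was requested but no gate request was logged.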

Magnitude EK:

[Image: Fiddler_cap]

Malwarebytes Anti-Exploit blocks this attack:

[Image: MBAE_Magnitude]

RiskIQ also spotted the same advertiser pushing fake software. That domain has now been obliterated by CloudFlare.


Source: blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/malvertising-on-the-p
