Massive malvertising campaign uses steganography and file whitelisting to hide



Quote

Proofpoint researchers have discovered and analyzed a massive malvertising network operating since 2015. Run by a threat actor we designated as AdGholas and pulling in as many as 1 million client machines per day, this malvertising operation infected thousands of victims every day using a sophisticated combination of techniques including sophisticated filtering and steganography, as analyzed by fellow researchers at Trend Micro. While AdGholas appears to have ceased operation in the wake of action by advertising network operators following notification by Proofpoint, the scale and sophistication of this operation demonstrate the continued evolution and effectiveness of malvertising.

Source: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight

 

 

This exploit was active on around 113 websites, including big sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, ArsTechnica, Daily Mail, Telegraaf, La Gazzetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.

 

And websites ask users to disable their ad blockers. :rolleyes: In this case, blocking 3rd-party frames would add that extra protection needed. Even a script blocker would be great here. Pretty interesting how they can tell with JavaScript if you're on an OEM installation and a potential non-tech-savvy target. IE (ActiveX)-only exploit? Is it even possible in Blink and Gecko?
