This article was authored by Mike Bittner, Associate Director of Digital Security & Operations at The Media Trust.
A Seemingly Common Attack
The Media Trust has uncovered malicious campaigns streaming through one of the world’s largest global demand-side platform (DSP) adtech providers. The team detected the attacks while monitoring premium websites and mobile apps on devices using iOS version 12. The malware behind the attack, named Stegoware-3PC by the Digital Security & Operations (DSO) team, hides within a PNG file to escape detection and persist, and automatically redirects site visitors to a phishing scam. At least five top-tier publishers, three demand-side vendors, and 11 other adtech vendors were exploited to serve malware to tens of millions of consumers.
This phishing scam masquerades as ads from a well-known e-commerce retailer, an outdoor apparel manufacturer, or other widely known brands. The ads prompt visitors to shop and, in so doing, enter their personal information. The malware exfiltrates the information and sends it to a malicious command and control server.
The DSO provided the DSP that was spreading the malware with a Buyer Seat ID number, which the latter used to provide direct attribution to the source of the malware. The team also notified clients and their upstream partners and shared the digital threat intelligence with them, to help them identify the malicious buyer and shut down the evolving attacks.