Malvertising Campaign Targets Millions of Users

A malvertising campaign dubbed "Tag Barnakle" has infected over 120 advertising servers in the past twelve months, according to security researchers. The goal of the large-scale campaign was to inject malicious code in advertisements served to users. The malicious snippets can redirect users to malicious websites and expose them to further malicious payloads and scams.

The campaign was examined in-depth by security experts working with ad security company Confiant. In its piece on Tag Barnakle, Confiant points out that the majority of malvertising actors use a different approach when it comes to spreading malicious ads. Most bad actors attempt to snake their way into the system and obtain legitimately purchased space to run bad advertisements in.

In contract to this approach, Tag Barnakle doesn't even attempt to play nice and goes for what researchers call "mass compromise" of ad servers and their infrastructure.

The malicious activities of the group behind Tag Barnakle started back in 2020, when around 60 advertising servers were infected. The primary target of the hackers were servers running an open-source ad server solution called Revive.

Unusual Approach

The difference in this new push from Tag Barnakle is that this time around the bad actors behind it are not just targeting web ads served on computer browsers. The new campaign includes mobile ads as well.

An advertisement originating from an infected server delivers a secondary payload after a fingerprinting check. If certain conditions are met, the victim is redirected to a website that lists fake VPN and other security-focused applications. Those apps either have undisclosed additional costs the user is not made aware of adequately or have capabilities that can directly hijack traffic for a number of other malicious ends.

Confiant believes that because Revive is a relatively popular ad server solution, the number of devices that may have been exposed to the malicious ads is in the tens or even in the hundreds of millions - a staggeringly large number.

The security company even goes so far as to call this a "conservative estimate", as Tag Barnakle first has to drop a cookie on the victim's device, potentially slowing down detection in the process.

By Zaib
April 20, 2021
Computer Security
English
April 20, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Phishing

A New Phishing Campaign Targets PayPal Users via SMS

Phishing attacks show no signs of slowing down in the new year. A new campaign has been making the rounds, this time targeting PayPal users. The scammers are sending fake SMS messages in their attempt to phish out... Read more

January 7, 2021
News

Why Did Twitter Tell Millions of Users to Change Their Passwords?

You may have heard that Twitter recently told its 300+ million users to change their passwords, but have you wondered why? Well, the reason for that is quite simple, it's about their users' security. Twitter... Read more

June 27, 2018
Malware

A New Malware Campaign Targets HR Departments as the Unemployment Rates Rise

The coronavirus pandemic has affected everyone, and this apparently includes the cybercriminals. For example, in March, Check Point registered a 30% reduction in the number of malware attacks compared to January. It's... Read more

June 5, 2020
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.