Assessment: Over 200 domains have been traced to an individual in Ukraine who is using them to perform advertising/redirect campaigns that claim your devices is infected for the purpose of tricking users to install one of several mobile VPN applications. The application blocks internet connections under the pretense of the device being infected, the user is forced to pay in order to regain network access. The landing URLs are a series of VPN related domains (backupvpn.com, numberonevpn.com etc). ADL continues to investigate this threat and block new signatures as they arise.
Affected Platforms: My6sense DSP