Assessment:  Redirect campaign targeting both mobile and desktop users with fake update messages.  Redirects have been identified and blocked across 120 domains and almost 20 different publishers.  The primary redirection tactic utilized WebSockets while other scripts proactively looked for the presence of ad quality software. 

Affected Platforms:  EMX

Assessment:  Detected and blocked a reoccurring redirect campaign impacting 50 domains.  Malicious ads drive mobile users to domains such as goodluckdog[dot]space.

Affected Platforms:  RhythmOne

Assessment:  Desktop redirect campaign targeting Safari, Chrome, and Firefox users.  Over a 3-day period, 1.2M impressions across 900 domains were impacted.  The redirects are being triggered by scripts hosted on various raxcdn and fastly domains.

Affected Platforms:  ADX, AOL, Index, Sovrn, Rubicon & RhythmOne


Assessment:  Over 500M redirect ads, using hijacked retail creatives, have been detected on both mobile and desktop devices.  The campaign has impacted 2,000 domains and attempts to drive users to fake VPN landing pages.

Affected platforms: MediaMath, Index, Rubicon & AOL/Verizon

Assessment:  Two new malicious campaigns emerged and were blocked this weekend.  

Threat #1:  Affecting both mobile and desktop, fake fashion & car ads are redirecting users to unwanted landing pages like the ones below. 

Sample landing pages:


Threat #2:  Also affecting mobile and desktop, this campaign rotated malicious scripts from an ad server CDN to drive users to nefarious landing pages like hlcczebndb[dot]com.

Affected platforms:  Uprival Adserver, Verizon, Sonobi

`` `` ``