Assessment:  Detected and blocked a reoccurring redirect campaign impacting 50 domains.  Malicious ads drive mobile users to domains such as goodluckdog[dot]space.

Affected Platforms:  RhythmOne

Assessment:  Desktop redirect campaign targeting Safari, Chrome, and Firefox users.  Over a 3-day period, 1.2M impressions across 900 domains were impacted.  The redirects are being triggered by scripts hosted on various raxcdn and fastly domains.

Affected Platforms:  ADX, AOL, Index, Sovrn, Rubicon & RhythmOne

Examples:

Assessment:  Over 500M redirect ads, using hijacked retail creatives, have been detected on both mobile and desktop devices.  The campaign has impacted 2,000 domains and attempts to drive users to fake VPN landing pages.

Affected platforms: MediaMath, Index, Rubicon & AOL/Verizon

Assessment:  Two new malicious campaigns emerged and were blocked this weekend.  

Threat #1:  Affecting both mobile and desktop, fake fashion & car ads are redirecting users to unwanted landing pages like the ones below. 

Sample landing pages:

m.valueprizes[dot]best
v.valuepoints[dot]host
m.earnpoints[dot]today
t.earnpoints[dot]work
m.pointsprize[dot]online
m.pointsprize[dot]site

Threat #2:  Also affecting mobile and desktop, this campaign rotated malicious scripts from an ad server CDN to drive users to nefarious landing pages like hlcczebndb[dot]com.

Affected platforms:  Uprival Adserver, Verizon, Sonobi

Assessment:  Three separate redirect campaigns launched over the weekend.

Threat #1:   A script hosted on various raxcdn domains redirecting to domains such as licantrums[dot]com.  Primarily impacted desktop users on Chrome and Safari.  

Affected Platforms:  Sovrn, Index & RhythmOne/Unruly

Threat #2:   Campaign using steganography to forcefully redirect users to domains such as:

news12[dot]biz
lincolnnhattractions[dot]xyz
happyhattractions[dot]xyz
mediapicker[dot]com
performintenselyfreeapplication[dot]icu
performfreeintenselyapplication.icu
boot-upfree-theextremelyfile[dot]best
+ more

Sample Creative:

Threat #3:  Campaign, primarily on desktop, driving users to a fake Norton Antivirus page.  

Affected platforms:  Bidmond DSP, Reklamstore DSP

Campaign Creative Examples:

`` `` ``