Assessment:  Over 200 domains have been traced to an individual in Ukraine who is using them to perform advertising/redirect campaigns that claim your devices is infected for the purpose of tricking users to install one of several mobile VPN applications. The application blocks internet connections under the pretense of the device being infected, the user is forced to pay in order to regain network access. The landing URLs are a series of VPN related domains (backupvpn.com, numberonevpn.com etc).  ADL continues to investigate this threat and block new signatures as they arise.

Affected Platforms: My6sense DSP 

Assessment:  Redirect campaign driving users to domains such as walmart-u<dot>xyz and amazonpresent<dot>info, has been detected and blocked.  Similar to earlier patterns, this campaign leverages malicious code hosted on Google CDNs.

Affected Platforms:  For this particular campaign, the most common delivery path has been via Sovrn > Pubmatic > Bidswitch > Lazarus.Mobi (DSP)

Hijacked creatives

Read More

Assessment:  Spike in malicious activity starting on September 7 and continuing through the weekend.  Almost 6M impressions have been impacted.  Ads are actively looking to disable blocking solutions and fraudulently driving users to domains like:  october-gift-card[dot]cards.  

Affected platforms:  Rate of incidents was particularly high across Google ADX demand.

Assessment: A number of new redirect campaigns entered the ecosystem last weekend, impacting over 16M impressions across the majority of Ad Lightning partners.  One campaign resolving to the "numberonevpn" and other similar domains was traced back to a malicious app, Outlaw VPN, which should be blocked by all sites as an advertiser.

Additional Details: Unique signatures are up almost 10% this week compared to the week prior, reflecting the increase in malicious activity.

Assessment: Redirect campaign attempting to disable ad blocking scripts was detected and blocked.  Over 1M ads have been infected since August 16th.

Affected platforms: Smart Ad Server

`` `` ``