Assessment:  Spike in malicious activity starting on September 7 and continuing through the weekend.  Almost 6M impressions have been impacted.  Ads are actively looking to disable blocking solutions and fraudulently driving users to domains like:  october-gift-card[dot]cards.  

Affected platforms:  Rate of incidents was particularly high across Google ADX demand.

Assessment: A number of new redirect campaigns entered the ecosystem last weekend, impacting over 16M impressions across the majority of Ad Lightning partners.  One campaign resolving to the "numberonevpn" and other similar domains was traced back to a malicious app, Outlaw VPN, which should be blocked by all sites as an advertiser.

Additional Details: Unique signatures are up almost 10% this week compared to the week prior, reflecting the increase in malicious activity.

Assessment: Redirect campaign attempting to disable ad blocking scripts was detected and blocked.  Over 1M ads have been infected since August 16th.

Affected platforms: Smart Ad Server

Assessment: Redirect campaign hijacking a Nike creative has been detected and blocked.  To date, over 7 million impressions have been blocked on iOS and Android devices across more than 50% of Ad Lightning's partners.

Affected platforms: Google seems to be the most heavily impacted.


Example landing page:

Read More

Assessment: Ongoing malicious activity leveraging websockets - to fingerprint a user’s browser and load additional known malicious domains - attached to legit creative scripts.

Affected platforms: Sizmek and AOL/AdTech

Update: To date, more than a dozen unique signatures have been identified that follow the previously noted pattern and ADL has blocked over 3M ads.

`` `` ``