Security researchers have recently reported that a malvertising (malicious advertising) campaign has outgrown any expectations in terms of damages. Advertisements brought by Mad Ads Media are causing redirects to malicious websites containing the well-known Nuclear exploit kit.
Mad Ads Media is a digital advertising company based in Mount Laurel, New Jersey. The company claims to work with numerous companies and to provide efficient advertising campaigns. Such networks are often employed to upload malicious ads that redirect users to attack’s pages.
Malvertising campaign not what it seems at first glance.
At first, researchers at Trend Micro thought that the incident is yet another suspicious ads campaigns but the truth is far more malicious. A more detailed checkup revealed that one of the servers of Mad Ads Media is compromised. The exploited component actually is a JavaScript library that assigns ads to specific websites. The library’s code is changed so that users are redirected to servers hosting the Nuclear exploit kit, as research shows.
Targeted websites contain manga and anime.
Mad Ads Representatives have not yet officially commented on the malicious attack, but actions towards an investigation have begun.
Once redirected to a website hosting the Nuclear exploit kit, the user’s browser is checked for an outdated version of Adobe Systems’ Flash program. If the version is present, the installation of Carberp malware follows. The end goal of the attack is theft of authentication credentials.
Nuclear exploit kit has been around for quite some time.
In April, experts reported that a large-scale Google ad campaign was severely compromised by the exploit kit.
WordPress has also been targeted several times. One of its recent Nuclear exploit kit’s incidents concerned the exploitation of the CVE-2015-0311 vulnerability.