Instead of injecting nasty code into ads, attackers pose as legitimate advertisers and manipulate ad networks’ chain of trust.
Although malvertising campaigns are usually detected after a few days, a widespread malvertising campaign that abused several major ad networks evaded detection for three weeks, according to researchers at Malwarebytes.
“We saw there was activity,” says Malwarebytes senior security researcher Jerome Segura. “We saw there was something going on, but we just couldn’t pinpoint it.”
To read the entire article, please click here.