Jump to content
Report any bug Read more... ×
We're hiring! We are accepting applications for Developers, Teachers, Redactors and Junior Moderators. Read more... ×
Search In
  • More options...
Find results that contain...
Find results in...

Create an account on our board

or login and enjoy all the possibilities

Existing user? Sign In

Sign In



Sign Up

Learn Or Teach

You can learn computer security by practicing in the Dashboard, you can also be taught by a teacher. Or You can teach community members regardless of your specialty, and earn points for each person!

Learn or Teach

The Challenges

The new Challenges page is here. Take advantage of several vulnerable web applications to help train you such as, DVWA, XVWA, Mutillidae. You can also launch an existing or custom virtual machine.

Play Now !

Collaboration Room

The first categories of the forum are rooms that you can create or join in order to participate in events with the other members of the community. You can also create your room to make a teaching request, or attend your teacher's presentation. In this room you can create a private forum, store your information, invite other people etc.

Create Room

Create your club

You can create a club with your friends, earn points in teams. Creating a club gives you access to a team space. There you will have a private forum where you can store files, share information etc. Invite your friends and play together!

Create yours now!

VIP

Several VIP packs are available, understand that the survival of this site depends on it. Of course you can buy this pack with your points won during events. Formulas: Vip Member Vip Teacher Vip student

Buy
News
  • For new users read this
  • Challenges
  • for new users thank you to post in introduction and answer "Accept" on the topic of the rules to have access to the integrity of the forum and receive your Exploit-Code
  • The challenges board is being developed you are likely to encounter some bugs if this is the case report to an administrator.

Fake JQuery Campaign On the Rise For Ad Fraud And Malvertising

Sign in to follow this  
AdminSec

71 views

Fake JQuery Campaign For Ad Fraud

Some malware campaigns seemingly never stop, rather they keep coming back again and again to prey on users. One such malware campaign involving fake jQuery has returned. This fake jQuery campaign now runs for ad fraud schemes and malvertising.

Fake JQuery Campaign For Ad Fraud

Researchers from Malwarebytes have spotted another fake jQuery campaign in the wild. The fake jQuery campaign that dates back to 2016, has once again gained momentum. Nonetheless, this time, the campaign aims at malvertising and ad fraud.

Elaborating on their findings in a blog post, the researchers stated that the payload here focuses at monetizing through ads.

The matter caught the attention of Malwarebytes after another researcher with alias ‘Placebo’ highlighted it in his tweet.

Screenshot_7.png

By searching the domains mentioned in this tweet on PublicWWW, the researchers could find thousands of domains infected with malicious script. When LHN attempted to cross-check this claim, we could also see at least over 1000 domains running the scripts for every domain listed by Placebo. The least results were found for “lib0[.]org” only, which were made up of a few hundred.

Digging further into the matter further Malwarebytes to establish that the fake jQuery domains basically redirect to other websites. They could see “12js.org” redirecting to financeleader[.]co, to which other fake domains also redirect.

fake jquery domains

However, if someone tries to directly visit the malicious website “financeleader[.]co”, the user will not succeed. The link redirects to Google.com, as Malwarebytes explained and LHN can verify.

Even if a visitor reaches the malicious domain with special identifiers via desktop, the user would only see a bogus website when on a US IP address. With a non-US IP address, the link would redirect to a site advertising VPNs. This depicts some kind of geotargeting behind this campaign.

Upon further research, they could also see another domain “afflink[.]org”, besides “financeleader[.]org”, as redirect link.

Mobile Phone Users Are Main Targets

According to Malwarebytes, the main target of this campaign seems mobile phone users. Where the payload will display full-screen ads on devices at regular intervals.

Explaining about this behavior, the researchers stated,

Quote

Once we switch to a mobile User-Agent and Android in particular, we can see a lot more activity and a variety of redirects.

In one case, when visiting the site on an Android phone, the researchers could see a malicious adult app asking for download. Upon analysis, this malicious app was found to generate full-screen ads at intervals.

While the researchers could not precisely determine the scale of this malware campaign for now, they fear that it will trigger massive ad fraud.

Quote

We weren’t able to get an idea of the scale at play, especially considering that the domain initiating the redirects really only became active in late May. However, given the number of websites that have been compromised, this campaign is quite likely funneling a significant amount of traffic leading to ad fraud.

Mobile phone users must stay vigilant when browsing different sites and downloading apps. Moreover, they will benefit from using a robust antimalware app running on their devices.

Let us know your thoughts in the comments.

Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×