Major malvertising network targets Windows and Mac users


A new malicious advertising network is affecting sites including Amazon, Yahoo and YouTube. Dubbed "Kyle and Stan" by the Cisco Talos Security Research group that uncovered it, the malware is able to mutate to attack both Windows and Mac systems.

Online advertising has relatively few major distribution networks, so by getting ads onto one of these an attacker has the potential to put malicious content in front of large numbers of users.

Talos Security Research has found a major network doing just this. Because of the naming scheme of hundreds of its sub-domains such as "stan.mxp2099.com" and "kyle.mxp2038.com", Talos has named the malvertising group "Kyle and Stan".

There's no drive-by download; the malware relies on social engineering to get the user to click on an ad. Once they do, though, the software redirects depending on the type of system they are using, allowing it to infect both Windows and Mac systems.

Clicking on the ad downloads a legitimate application, such as a media player, but one that is bundled with adware and browser hijackers.

The network was first detected in early May and has shown spikes of activity in June and July. The research finds that the attack is using more than 700 domains, allowing the attackers to use a domain for a very short time, burn it and move on to use another one for future attacks. This helps them avoid reputation-based and blacklist-type security solutions.
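The following is an added example, not code from Talos or BetaNews: it scans proxy log lines for the sub-domain naming scheme quoted above and shows which hits an exact-match blocklist of the two published hostnames would miss once the operators rotate domains. The pattern (a "kyle" or "stan" label on `mxp` plus four digits under `.com`) is an assumption generalized from those two hostnames, and the log format, client addresses and extra hostnames are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the two hostnames quoted in the article are representative, i.e.
# a "kyle" or "stan" label on a parent domain of the form mxp<4 digits>.com.
NAMING_SCHEME = re.compile(r"^(kyle|stan)\.(mxp\d{4}\.com)\.?$", re.IGNORECASE)

# Exact-match blocklist holding only the two hostnames named in the article.
STATIC_BLOCKLIST = {"stan.mxp2099.com", "kyle.mxp2038.com"}

# Constructed proxy log lines (timestamp, client IP, requested URL). Hosts other
# than the two from the article are made up for this example.
SAMPLE_LOG = """\
2000-01-01T10:01:11Z 10.0.0.5 http://stan.mxp2099.com/ad?id=1
2000-01-01T10:01:15Z 10.0.0.5 http://kyle.mxp2101.com/dl/player
2000-01-01T10:02:40Z 10.0.0.9 http://www.example.com/index.html
2000-01-01T10:03:02Z 10.0.0.9 http://STAN.mxp2177.com./land
2000-01-01T10:04:19Z 10.0.0.7 http://kyle.mxp2038.com.example.net/x
2000-01-01T10:05:00Z 10.0.0.7 not-a-url
"""

def scan(log_text):
    """Return ({client: parent domains matching the scheme},
    [matching hosts that the exact-match blocklist would have missed])."""
    hits, missed = defaultdict(set), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, url = parts
        # urlsplit lowercases the hostname; None when the field is not a URL.
        host = urlsplit(url).hostname or ""
        m = NAMING_SCHEME.match(host)
        if not m:
            continue  # includes look-alikes such as kyle.mxp2038.com.example.net
        hits[client].add(m.group(2))
        fqdn = host.rstrip(".")  # normalize a trailing root dot
        if fqdn not in STATIC_BLOCKLIST:
            missed.append(fqdn)
    return dict(hits), missed

if __name__ == "__main__":
    hits, missed = scan(SAMPLE_LOG)
    for client, domains in sorted(hits.items()):
        print(client, sorted(domains))
    print("missed by exact-match blocklist:", missed)
```
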

The malware dropper also employs unique checksums and encryption to try to avoid detection. The researchers conclude, "All in all we are facing a very robust and well-engineered malware delivery network that won’t be taken down until the minds behind this are identified".

You can read more and find a full list of the sites known to have been targeted on Cisco's blog.

Image Credit: Sam72 / Shutterstock


© 1998-2024 BetaNews, Inc. All Rights Reserved.