Angler malvertising campaign hooks visitors to big-name websites

It seems that a number of major websites have been affected by malicious adverts being piped across in the last few days, according to the observations of two security companies.

Both Trend Micro and Trustwave warned of major campaigns driven by the Angler exploit kit, spreading malvertising via a compromised ad network, serving the malware-laden adverts to popular sites including big news and entertainment websites (names of publishers weren't mentioned).

As Network World reports, it's not clear whether these two security outfits were talking about the same campaign, although if they are different attacks, both utilise the same backdoor called BEDEP (and of course that backdoor is a route in for whatever other malware the exploiter fancies dishing out).

Trustwave's report notes that they spotted the affected websites fetching a JSON file hosted on "brentsmedia[.]com", described as a "heavily-obfuscated JavaScript file with more than 12,000 lines of code".

That code contains a long list of security tools and software, which it uses to avoid targeting users who have protection installed, as well as the likes of security researchers.

Malware moguls

BrentsMedia was apparently a legitimate advertising and mobile marketing company until the beginning of this year. The domain expired in January, and was then registered again on March 6 by the malvertising peddlers to use as a vehicle for piping out their malware.

Trustwave spotted malicious ads being delivered via two affiliate networks (at least), one of which reacted within an hour to close this down, but the other didn't get back to the security company.

Trend Micro noted an increase in Angler activity in the US beginning on March 7, the day after the domain re-registration observed by Trustwave.

Trend Micro said that the malicious adverts they uncovered could have affected tens of thousands of users thus far, although as of yesterday, the more popular affected sites were no longer carrying any advertising nastiness – though the Angler campaign still seems to be ongoing.

Being careful which sites you visit online is obviously always a good idea, but the problem with this sort of malware campaign is that it can easily affect major name sites which are trusted by the denizens of the web.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).