Bitdefender says it currently affects users in 50 countries

Oct 26, 2015 12:17 GMT

The malvertising campaign that hit xHamster's visitors exactly a month ago is still going on today, Bitdefender's Alexandra Gheorghe reports.

The campaign, first detected and analyzed by the security researchers at Malwarebytes, relies on serving malicious code, disguised inside an ad for the Sex Messenger dating app, which then redirects xHamster's visitors to Web pages serving more dangerous viruses.

These malicious ads were actually part of a larger malvertising campaign that's been raging since mid-August, hosted on the infrastructure of TrafficHaus, an online advertising platform.

According to recent research carried out by Bitdefender's team, the campaign is still going on undisturbed, and in a recent twist in the methodologies used by the cyber-crooks, they are now delivering browser ransomware.

The campaign targets inexperienced Internet users

Browser ransomware is not actually ransomware, because it does not encrypt any of the user's files. It falls more in the category of scareware, inoffensive malware meant to alarm users into paying a fictional fine or unlock fee.

“No malware is really executed on the machine, so encryption does not take place,” said Alexandru Rusu, Malware Researcher at Bitdefender. “Technically, this is not ransomware, it is a type of scareware that urges inexperienced users to pay up simply because their browser window is blocked.”

In this particular case, Bitdefender says that the browser ransomware message is not removed even if the ransom is paid.

To avoid contamination, Mr. Rusu advises that users use an ad blocker when visiting any particular site that looks shady or has aggressive ads, not just xHamster.

Bitdefender was kind enough to share with Softpedia the list of countries where the malvertising campaign was detected as active. This is a list of all country codes: AE, AT, AU, BE, BH, CA, CH, CY, CZ, DE, DK, DZ, EG, ES, FI, FR, GB, GR, HR, HU, IE, IT, JO, KW, LB, LT, LU, LV, MT, MX, NL, NO, NZ, OM, PE, PL, PS, PT, QA, RO, SA, SE, SI, SK, TR, US, UY, YE.

[Images: browser ransomware messages shown to French, German and US users]