Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
Ads & PUAs increasingly indistinguishable from malware
Malicious advertisements (malvertising) remain a major source of threats to a range of devices. We recently delved into two current trends in malvertising threats that fall outside the realm of malware attacks—technical support scams using “browser locking” web pages, and ads targeting mobile devices that are linked to fraudulent or “fleeceware” apps. Sophos Technical support scams typically attempt to steer targets into providing remote access to their computers and then convincing them to either purchase exorbitantly priced technical support software and services or obtain targets’ credit card data for fraudulent purposes. While many of these scams have relied on direct telemarketing calls in the past, many scam operators have moved to a “pull” model—using malicious web advertisements that attempt to convince the user that their computers have been locked for security reasons, and directing them to call the scammers themselves. these as “fake alert” attacks—malvertisements that attempt to scare their targets into taking an action that will enrich the scammers behind them.
To achieve this, the scammers deploy website kits containing scripts designed to make it difficult to navigate away from a page—including variations on the “evil cursor” (making the mouse pointer appear to be pointing somewhere it isn’t, or rendering it invisible) and “infinite download” attacks that overwhelm the browser—while trying to look like an alert from Microsoft or Apple. Some of the kits we found exploited a bug SophosLabs’ offensive security team discovered in Firefox earlier this year, while others executed similar attacks on other browsers—all of them being spread through malicious “pop-under” web ads.
The same ad network infrastructure supporting these attacks on PC and Mac browsers also serves up tech support scams and fake alerts that link to potentially unwanted mobile applications—including apps claiming to be virtual private network services and “cleaner” tools advertised as removing malware, with built-in subscription fees (and in some cases, actual Android malware). Sophos found a collection of ad campaign servers delivering these ads, using commercial software from a Russian developer specifically built for running such campaigns.
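The browser-locking traits described above (a hidden or replaced cursor, download loops, scripts that hinder leaving the page, and a Microsoft- or Apple-branded alert with a number to call) can be checked for statically in captured page source. The following is an added example, not code from Sophos or HSD; the indicator patterns, weights, threshold, function name and both sample pages are assumptions constructed for illustration.

```javascript
// Heuristic triage of captured page source for "fake alert" browser-lock traits.
// Patterns, weights and threshold are illustrative assumptions, not vendor signatures.
const INDICATORS = [
  { id: "hidden-cursor", weight: 2, re: /cursor\s*:\s*none/i },
  { id: "custom-cursor", weight: 1, re: /cursor\s*:\s*url\(/i },
  // A timer or loop that reaches a download trigger within a short distance.
  { id: "download-loop", weight: 3,
    re: /(setInterval|while\s*\(|for\s*\()[\s\S]{0,300}?(\.download\s*=|createObjectURL)/i },
  { id: "leave-trap", weight: 1, re: /onbeforeunload|requestFullscreen/i },
  // Vendor name, then a prompt to call, then something shaped like a phone number.
  { id: "vendor-lure", weight: 2,
    re: /(microsoft|apple)[\s\S]{0,200}?(call|support)[\s\S]{0,80}?\+?\d[\d\s().-]{8,}\d/i },
];

function triageFakeAlert(source, threshold = 4) {
  const hits = INDICATORS.filter((i) => i.re.test(source));
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  return { score, suspicious: score >= threshold, hits: hits.map((i) => i.id) };
}

// Constructed sample: inert fragment carrying the traits (script body elided).
const SAMPLE_LOCK_PAGE = `
<style>html, body { cursor: none; }</style>
<h1>Microsoft Security Alert</h1>
<p>Your computer has been locked. Call support now: +1 (800) 555-0100</p>
<script>
  window.onbeforeunload = function () { return "locked"; };
  setInterval(function () { /* elided */ link.download = "alert.txt"; }, 50);
</script>`;

// Constructed sample: ordinary help page with a single, user-driven download.
const SAMPLE_BENIGN_PAGE = `
<style>a.help { cursor: pointer; }</style>
<p>Contact Apple support through the official site if your device needs repair.</p>
<script>document.querySelector("a.help").download = "manual.pdf";</script>`;

for (const [name, page] of [["lock", SAMPLE_LOCK_PAGE], ["benign", SAMPLE_BENIGN_PAGE]]) {
  console.log(name, JSON.stringify(triageFakeAlert(page)));
}
```

A single indicator is common on legitimate sites, which is why the score combines several before flagging; tune the threshold against your own proxy or sandbox captures.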