Malvertising Attack Hits Realtor.com Visitors

Malvertising Attack Hits Realtor.com Visitors

As the debate about online ads is raging thanks to Apple’s introduction of ad blockers in its App Store, malvertising keeps on striking high-profile sites.

The latest victim is popular real estate website realtor.com, ranked third in its category with an estimated 28 million monthly visits according to SimilarWeb.

People browsing the site in the last few days may have been exposed to this malvertising campaign and consequently infected if their computers were not patched or did not have adequate security software. Like all other malvertising attacks, this one did not require to click on the bogus ad to get infected.

The same gang that was behind the recent campaign we documented on this blog is still going at it using the same stealth tactics, which we will elaborate on a little more here.

realtor_flow

Rogue advertisers are putting a lot of efforts into making ad banners that look legitimate and actually promote real products or services.

We should also note that the use of SSL to encrypt web traffic is getting more and more common in the fraudulent ad business and that only makes tracking bad actors more difficult.

We have alerted both the publisher (Realtor.com) and the ad serving technology platform (AdSpirit) about this attack and the latter has already taken action to disable the malicious creative.

Malwarebytes Anti-Exploit users where already protected against this attack which attempted to distribute the Bedep Trojan (ad fraud, ransomware) via the Angler exploit kit.

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher