Malware purveyors have 'creatively' used video to launch a large-scale malvertising attack earlier this month, according to a report.
The Media Trust, a company that's developed security tools and services for detecting malvertising, blogged about this uncommon way of maware attack. They say that the malware attack used video to orchestrate mayhem affecting 3,000 website for more than 12 hours beginning late on Thursday, October 29.
The malicious content came from a domain called brtmedia[.]net. It was unclear if that domain is connected with BRT Media, which appears to be an online advertising company.
The domain leveraged the advertising ecosystem to drop a video player-imitating swf file on thousands of websites. The file identified the website domain and then injected malicious javascript into the website?s page. Imitating a bidding script, javascript determined the video tag placement size and called a legitimate VAST file. As the video played, the browser was injected with a 1x1 tracking iframe which triggered a "fake update" or "Tripbox" popup which deceptively notified the user to update an installed program. Unsuspecting users who clicked on the fake update downloaded unwanted malware to their device.