![Video Malware Attack Spreads Across Websites](https://cdrinfo.com/d7/system/files/styles/siteberty_image_770x484/private/site_news_image/malware_small_4.gif?itok=xhOdmXrY)
Video Malware Attack Spreads Across Websites
The malicious content came from a domain called brtmedia[.]net. It was unclear if that domain is connected with BRT Media, which appears to be an online advertising company.
The domain leveraged the advertising ecosystem to drop a video player-imitating swf file on thousands of websites. The file identified the website domain and then injected malicious javascript into the website?s page. Imitating a bidding script, javascript determined the video tag placement size and called a legitimate VAST file. As the video played, the browser was injected with a 1x1 tracking iframe which triggered a "fake update" or "Tripbox" popup which deceptively notified the user to update an installed program. Unsuspecting users who clicked on the fake update downloaded unwanted malware to their device.