A campaign named GhostPoster has compromised 17 Firefox add-ons, embedding malicious JavaScript to hijack affiliate links, inject tracking, and facilitate ad fraud, affecting over 50,000 downloads. The malware employs sophisticated evasion techniques, including delayed activation and random payload fetching, to monitor browsing, strip security headers, and enable remote code execution, highlighting ongoing threats from malicious browser extensions.
A Reuters investigation reveals that Meta generates billions from Chinese ads, with a significant portion linked to scams and illegal activities, highlighting internal policies that prioritize revenue over fraud prevention, and raising concerns about the company's transparency and effectiveness in combating ad fraud.
OpenAI's ChatGPT Atlas browser can mimic human clicks on ads, potentially draining ad budgets and corrupting analytics data, which poses risks for digital marketing and calls for new detection standards.
Google disrupted the 'SlopAds' ad fraud campaign involving 224 malicious Android apps that generated 2.3 billion fraudulent ad requests daily, employing sophisticated obfuscation and steganography techniques to evade detection. The campaign was widespread, with apps downloaded over 38 million times across 228 countries, and used hidden malware modules to simulate legitimate ad interactions, generating significant revenue for attackers. Google has removed the apps and updated protections, but experts warn the threat may re-emerge with new tactics.
Cybercriminals are using fake TradingView ads on Meta's platform to distribute Brokewell malware for Android, which can steal sensitive data, monitor devices remotely, and hijack device controls, targeting cryptocurrency users since July 2023.
The PEACHPIT ad fraud botnet, part of the larger BADBOX operation, has been using hundreds of thousands of compromised Android and iOS devices to generate illicit profits. The botnet, discovered by HUMAN, was found in 227 countries and territories and infected devices through 39 apps installed over 15 million times. The malware allowed the operators to steal sensitive data, create residential proxy exit peers, and commit ad fraud. The Android devices are suspected to have been compromised through a hardware supply chain attack. Apple and Google have worked with HUMAN to disrupt the operation, but the attackers are likely adjusting their tactics to evade detection.
Chinese smart TV boxes sold on popular online retailers and resale sites were found to be infected with malware called Triada in a campaign named BADBOX. Over 200 models were discovered to have pre-installed malware, with 80% of the tested units infected. The malware delivered over four billion invisible ads per day. In another cybersecurity incident, software firm Blackbaud has settled with attorneys general from all 50 US states for $49.5 million over its deficient data security practices and inadequate response to a ransomware attack in 2020. Additionally, the Qakbot malware operation appears to be persisting despite an international takedown, and genetics firm 23andMe suffered a credential stuffing attack resulting in the theft of personal information, including genetic ancestry results.
Cybersecurity firm Human Security has discovered two backdoors, Badbox and Peachpit, in popular Android TV boxes, indicating an organized network of ad fraud. The malware can conduct ad fraud, create fake accounts, sell access to home networks, and is difficult to detect and remove. The affected devices include 200 different models of Android TV boxes, with 80% of those sold in the US containing Badbox. The network behind the malware is described as a "Swiss Army knife of doing bad things on the internet." Users are advised to install apps from reliable sources and keep their devices up to date. Human Security has shared its findings with law enforcement agencies.
Google has denied allegations that it violated its own guidelines and misled advertisers regarding ad viewership on third-party websites. Adalytics, a third-party analytics company, claimed that Google's video ads often appeared on lower-quality websites, were positioned away from the main content, and sometimes ran without audio. Adalytics suggested that these practices may have artificially inflated ad metrics, leading to advertisers paying more. Google has rejected these claims, stating that the report used unreliable methodologies and that the majority of video ad campaigns run on YouTube. The allegations come as Alphabet, Google's parent company, faces scrutiny over its advertising practices.
A new Android malware strain named Goldoson, which is part of a third-party software library used by more than 60 legitimate apps, has been found in over 100 million Google Play Store downloads. The malware is capable of gathering information about installed apps, Wi-Fi and Bluetooth-connected devices, and GPS locations, and can perform ad fraud by clicking advertisements in the background without the user's consent. The rogue component has been removed from 36 of the 63 offending apps following responsible disclosure to Google. The findings highlight the need for app developers to be transparent about the dependencies used in their software and safeguard users' information against such abuse.
A new Android malware named 'Goldoson' has infiltrated Google Play through 60 legitimate apps that collectively have 100 million downloads. The malware can collect data on installed apps, WiFi and Bluetooth-connected devices, and the user's GPS locations, and perform ad fraud by clicking ads in the background without the user's consent. The impacted apps have been removed from Google Play, but the risk still exists on third-party Android app stores. Users can remediate the risk by applying the latest available update and looking out for common signs of adware and malware infection.