Cyber-criminals cannot justify themselves and everything they do is unethical and as the name says, a “Crime”. However, their creativity is off the charts, especially that of Malvertisers (who scam people through malicious advertisements). They always come up with innovative ways to force people to click on ads and earn money through them.
Moreover, unlike the scammers who deal with desktop and mobile malware, Malvertisers have to constantly keep introducing something new to counter the patches that the browser vendors introduce constantly.
Malwarebytes, researchers tasked with studying this particular kind of scam, have now detected a new way in which these scammers are tricking people to earn ad revenue. So, what happens is that users are taken to malicious websites and if the Malvertisers succeed in it, the website shows a pop-up ad inside. There will be an “x” (cross) button to close the advert. However, once the user takes the cursor to the close button, the pop-up will immediately expand and move the ad to the cross button’s location and if it is clicked, the scammers get ad revenue (which is significantly higher than the revenue generated through impressions). The scammers have used CSS to implement this functionality.
Gif / Video courtesy of: Malwarebytes
Jérôme Segura from Malwarebytes confirmed this and has acknowledged that timing in such cases is very crucial as the click needs to happen right when the users believe that they will be closing the pop-up, so it’s all a game of milliseconds. If this isn’t impressive, what is?
It should be noted that this trick is not the only impressive one these Malvertisers have come up with. The same group is responsible for abusing zero-day (Wordpress plugin), in order to take control of websites. The attack was used to redirect traffic from a website to the crooks’ fraudulent websites offering tech support and other such services.
The scammers are also known for freezing the users’ browsers through triggering countless downloads. This would lead to users believing that their systems had serious problems and they would eventually be coaxed into calling the tech support number, displayed on the scam site on which the browser got stuck.
As the latest hack involves CSS code, it is not possible to block it with an ad blocker. However, the ad blocker can be the savior if used beforehand as it will prevent the ad inside pop-up from getting loaded in the first place, foiling the trick in process.
Read Next: 10 Cybersecurity Myths That You Need to Know About (infographic)
Moreover, unlike the scammers who deal with desktop and mobile malware, Malvertisers have to constantly keep introducing something new to counter the patches that the browser vendors introduce constantly.
Malwarebytes, researchers tasked with studying this particular kind of scam, have now detected a new way in which these scammers are tricking people to earn ad revenue. So, what happens is that users are taken to malicious websites and if the Malvertisers succeed in it, the website shows a pop-up ad inside. There will be an “x” (cross) button to close the advert. However, once the user takes the cursor to the close button, the pop-up will immediately expand and move the ad to the cross button’s location and if it is clicked, the scammers get ad revenue (which is significantly higher than the revenue generated through impressions). The scammers have used CSS to implement this functionality.
Jérôme Segura from Malwarebytes confirmed this and has acknowledged that timing in such cases is very crucial as the click needs to happen right when the users believe that they will be closing the pop-up, so it’s all a game of milliseconds. If this isn’t impressive, what is?
It should be noted that this trick is not the only impressive one these Malvertisers have come up with. The same group is responsible for abusing zero-day (Wordpress plugin), in order to take control of websites. The attack was used to redirect traffic from a website to the crooks’ fraudulent websites offering tech support and other such services.
The scammers are also known for freezing the users’ browsers through triggering countless downloads. This would lead to users believing that their systems had serious problems and they would eventually be coaxed into calling the tech support number, displayed on the scam site on which the browser got stuck.
As the latest hack involves CSS code, it is not possible to block it with an ad blocker. However, the ad blocker can be the savior if used beforehand as it will prevent the ad inside pop-up from getting loaded in the first place, foiling the trick in process.
Read Next: 10 Cybersecurity Myths That You Need to Know About (infographic)