A new report from Guardio Labs reveals that many fake captchas are appearing on search engines, with even legitimate publishers hosting malicious websites that spread malware to users' devices. The fake captchas appear out of nowhere while users are browsing and look just like real captchas. Their verification process is also similar to the real one, so users are often fooled. The fake captchas ask users to press three key combinations, and when users press the keys, a malicious PowerShell command is pasted into the system's Run window. Until now it was unclear how the threat actors were delivering fake captchas to users, but it has now been found that it comes down to the exploitation of legitimate publishers.
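For responders, the Run-window step described above leaves a trace: Windows records Run dialog history in the current user's RunMRU registry key. The triage sketch below is an added example, not code from Guardio Labs or from the original article; the sample entries, the indicator patterns and the length threshold are constructed assumptions.

```python
import re

# Constructed sample of a RunMRU export (value name -> data). The Run dialog
# history lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU;
# MRUList orders the entries newest first and each entry ends in "\1".
SAMPLE_RUNMRU = {
    "MRUList": "dcba",
    "a": "cmd\\1",
    "b": "notepad C:\\Users\\alice\\notes.txt\\1",
    "c": "powershell -w hidden -enc <BASE64-PLACEHOLDER>\\1",
    "d": "PowerShell.exe -NoProfile -Command \"Get-Date\"\\1",
}

# Heuristics are assumptions chosen for this example, not Guardio's indicators.
INTERPRETER = re.compile(r"^\s*\"?(?:\S*\\)?(?:powershell|pwsh)(?:\.exe)?\"?(?=\s|$)", re.I)
INDICATORS = {
    "hidden_window": re.compile(r"(?<!\S)[-/]w[a-z]*\s+h[a-z]*", re.I),
    "encoded_command": re.compile(r"(?<!\S)[-/](?:e|ec|enc[a-z]*)(?!\S)", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}
MAX_TYPED_LENGTH = 120  # people rarely type more than this into Win+R


def run_history(mru):
    """Return Run-dialog commands newest first, without the trailing \\1."""
    order = mru.get("MRUList", "")
    commands = []
    for name in order:
        data = mru.get(name)
        if data is None:          # MRUList can reference a deleted value
            continue
        commands.append(data[:-2] if data.endswith("\\1") else data)
    return commands


def triage(mru):
    """Return (command, reasons) for PowerShell launches worth an analyst's look."""
    findings = []
    for cmd in run_history(mru):
        if not INTERPRETER.search(cmd):
            continue
        reasons = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
        if len(cmd) > MAX_TYPED_LENGTH:
            reasons.append("too_long_to_be_typed")
        if reasons:
            findings.append((cmd, reasons))
    return findings


if __name__ == "__main__":
    for cmd, reasons in triage(SAMPLE_RUNMRU):
        print(", ".join(reasons), "->", cmd)
```

A plain interactive PowerShell launch is left alone; only entries that also match an indicator are returned for review.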
Threat actors infiltrate the ad networks that distribute traffic from publishers' websites to advertisers' landing pages, and even websites like Google and Facebook aren't safe from them. Malvertising also happens on big platforms through ad networks, which distribute traffic on a massive scale. When researchers analyzed malvertising and fake captchas, they found that all of the fake captchas originated from a single site called Monetag, a subsidiary of PropellerAds. PropellerAds is an ad network company from Cyprus, and it has previously been caught urging users to update their software or scan their computers. Advertisers can easily create a Monetag account to run ads because the company provides everything an advertiser needs. The malicious ads created with Monetag then spread to different websites related to live sports streaming and movie piracy, and to links on social media. Some of these malicious ads even appear at the top of Google search results.
Guardio Labs identified about 3,000 publishers in the last 10 days that had been using Monetag ad scripts. It also found that malicious ads didn't always lead to malicious websites, and that other services were being abused to spread malware. The actors are also using BeMob, tainting its reputation, and were using services like Scaleway, Oracle Cloud, EXOScale and Bunny CDN to host fake captcha pages.
The researchers say that this is just a single example of how the advertising ecosystem on the internet is exploiting users. The only way to keep yourself safe from these malicious actors is to be cautious of websites that offer free content, and to make sure you don't click on anything that promises you a gift. Malvertising cannot be stopped in a day because there's a huge network behind it, so we should play it safe on the internet as much as we can.