
"Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report published last week in collaboration with Guardio and Confiant.
"Vane Viper not only brokers traffic for malware droppers and phishers, but appears to run their own campaigns, consistent with previously documented ad-fraud techniques."
"One of the notable aspects of the threat actor's persistence techniques is the abuse of push notification permissions to serve ads even after the user navigates away from the initial page by altering browser settings. This approach relies on service workers, which maintain a persistent headless browser process to listen for events and serve unwanted notifications."
Vane Viper operated core infrastructure for malvertising, ad fraud, and cyberthreat proliferation for at least a decade. The actor brokered traffic for malware droppers and phishers and also ran its own ad-fraud campaigns. Vane Viper built a massive network of compromised domains by exploiting vulnerable WordPress sites to spread riskware, spyware, and adware. Persistence techniques included abuse of push notification permissions and altering browser settings, using service workers to maintain persistent headless browser processes that deliver unwanted notifications. The DeceptionAds campaign leveraged this malicious ad network for ClickFix-style social engineering. Activity tied to Monetag links to PropellerAds and its parent, AdTech Holding, in Cyprus, and domains connected to PropellerAds have repeatedly facilitated malvertising and exploit-kit traffic.
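Because the persistence described above depends on a notification permission the browser has stored, a defender can audit which origins hold that grant. The following is an added example, not code from the Infoblox report: it assumes Chromium-based browsers record grants in the profile's `Preferences` JSON under `profile.content_settings.exceptions.notifications`, and the sample data, origins and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a Chromium profile "Preferences" file (all values made up).
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://mail.example.com:443,*":
            {"last_modified": "13370000000000000", "setting": 1},
        "https://push-ads.example.net:443,*":
            {"last_modified": "13380000000000000", "setting": 1},
        "https://news.example.org:443,*":
            {"last_modified": "13360000000000000", "setting": 2},
    }}}}})

ALLOW = 1  # Chromium content-setting value for "allow"; 2 means "block"
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_to_datetime(value):
    """Convert Chromium's microseconds-since-1601 timestamp to a UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=int(value))


def granted_notification_origins(prefs_text, approved=()):
    """Return (origin, granted_at) for each origin allowed to send push
    notifications that is not on the approved list, newest grant first."""
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
               .get("exceptions", {}).get("notifications", {}))
    findings = []
    for pattern, meta in entries.items():
        if meta.get("setting") != ALLOW:
            continue  # blocked or default: the site cannot push notifications
        origin = pattern.split(",", 1)[0]  # drop the ",*" secondary pattern
        if origin in approved:
            continue
        findings.append((origin, webkit_to_datetime(meta.get("last_modified", "0"))))
    return sorted(findings, key=lambda f: f[1], reverse=True)


if __name__ == "__main__":
    approved = {"https://mail.example.com:443"}  # hypothetical allowlist
    for origin, when in granted_notification_origins(SAMPLE_PREFS, approved):
        print(f"{when:%Y-%m-%d %H:%M} UTC  {origin}")
```

Revoking a flagged origin in the browser's notification settings stops the service worker from displaying further notifications for that site.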
Read at The Hacker News