Malvertising news update! Malware and Unwanted-programs Trojan attacks

By Anna

July 4, 2024

Malvertisers are constantly devising new harmful tactics to target unaware end users across the globe, taking them entirely by surprise. This is why at AdSecure we continuously work to improve our platform’s Ad Security tech to bring you the best and most advanced tools. We also strive to create useful content to keep you up-to-date on news and developments in the Malvertising world. In this Malvertising news update, we bring you fresh news about two malicious Advertisers who used Trojan Malware and Unwanted-programs Trojan attacks to steal and resell end user information.

Unwanted-programs Trojan installers leading to the Oyster backdoor attack

Unwanted-programs violations consist of an executable file or mobile app disguised as a legitimate software download that, once downloaded, triggers harmful actions that impair the end user’s safety and that of their device. Within the Unwanted-programs category we find Adware, Browser hijackers, Spyware, Keyloggers and other harmful code.

Through a Malvertising campaign using Unwanted-programs Trojan installers for Microsoft Teams, Google Chrome, and other well-known software, the following Malvertiser delivered the Oyster backdoor attack, also known as Broomstick. End users were lured into downloading an installer from legitimate-looking Phishing websites. The installer then automatically deployed the Oyster Malware, without needing a specialized payload loader.

Why are Trojan attacks dangerous for the end user? Oyster backdoor attacks are known to execute Malware with remote code execution, as well as host data removal and command-and-control communication. According to SC Media, the installed Microsoft Teams software was riddled with malicious PowerShell code designed to hide the attack from the end user entirely. This means that this tactic could go completely undetected and remain installed on the end user’s device for long periods of time!

New Poseidon Trojan Malware attack targets Mac end users

Malware is one of the most widely known Ad Security violations. This form of Malvertising scam hides malicious scripts in an ad. It can include viruses, worms and Trojans that target end users to infect their devices and steal their data. It can disrupt computer operations, gather sensitive information, gain access to private systems, or display unwanted ads. Malware is the basis of the Malvertising scam described below.

For the second time, the Arc Browser is being used by Malvertisers to target end user information. In this case, Malvertiser Rodrigo4 is targeting Mac users, launching a fake Google ad campaign that delivers the Poseidon Trojan Malware, with the aim of harvesting account credentials and VPN configurations in order to resell them to third parties. He named the campaign “Poseidon”, which, according to sources, was actually a rebrand of an earlier malicious payload that Rodrigo4 created, OSX.RodStealer. The browser’s stable macOS version was released only a couple of weeks ago, making Arc’s new Mac users an obvious target for Poseidon Trojan Malware distributors (the stable iOS version was released on February 2nd).

As orchestrated by the Malvertiser, the end user would be lured into clicking a realistic-looking malicious Google ad for the Arc browser. This would lead them to arc-download.com, a bogus website offering Arc for Mac devices. If the end user decided to click on the compromised download, instead of Arc they would end up downloading a malicious DMG file that resembled a legitimate installer, which would then install a Windows RAT (Remote Access Trojan). With it, Rodrigo4 could remotely extract end user information, which is exactly why Trojan attacks are dangerous for the end user.

The dangers of Unwanted-programs Trojan attacks and Malware

Like many other ad platforms, Google is susceptible to Malvertisers swapping the legitimate URLs of an ad campaign for malicious ones after launch, thus bypassing pre-launch ad security checks. An added problem with Google is that it allows bad actors to promote malicious search ads that display legitimate URLs but, once clicked, redirect end users wherever the Malvertiser wants them to go, generally a malicious landing page. This gives Malvertisers the perfect opportunity to infiltrate dangerous threats such as Unwanted-programs Trojan attacks and Malware, creating malicious Google ad campaigns that push unwanted software.
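The mismatch between the URL an ad displays and where its click actually lands is what a post-launch click check has to catch. The following is an added example, not AdSecure’s product code: it walks a recorded redirect chain offline (no network requests) and flags any hop that leaves the approved advertiser domain, as well as redirect loops and over-long chains. The approved domain, the display URL and the recorded Location headers are constructed for the example; only arc-download.com is the bogus site named in the article.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data (placeholders, not real advertiser infrastructure).
APPROVED_HOST = "approved-advertiser.example"
DISPLAY_URL = "https://approved-advertiser.example/arc"
# Recorded responses for one click: URL -> Location header (None = final page).
# This chain models the "swapped URL" case: the last hop leaves the approved site.
RECORDED_SWAPPED = {
    "https://approved-advertiser.example/arc": "https://click.approved-advertiser.example/r?id=77",
    "https://click.approved-advertiser.example/r?id=77": "/out?dest=arc",   # relative Location
    "https://click.approved-advertiser.example/out?dest=arc": "https://arc-download.com/Arc.dmg",
    "https://arc-download.com/Arc.dmg": None,
}
# A clean chain that stays on the approved site (www subdomain is allowed).
RECORDED_CLEAN = {
    "https://approved-advertiser.example/arc": "https://www.approved-advertiser.example/arc/",
    "https://www.approved-advertiser.example/arc/": None,
}

def host_of(url: str) -> str:
    """Lower-cased hostname without port or trailing dot ('' if the URL has none)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def on_approved_site(host: str, approved: str) -> bool:
    """The approved host itself or any of its subdomains."""
    return host == approved or host.endswith("." + approved)

def follow_chain(start: str, responses: dict, max_hops: int = 10) -> list:
    """Resolve recorded Location headers from `start`, stopping at the final page,
    at a redirect loop, or after max_hops. Relative Locations resolve against the current URL."""
    chain, seen = [start], {start}
    while responses.get(chain[-1]) is not None and len(chain) <= max_hops:
        nxt = urljoin(chain[-1], responses[chain[-1]])
        chain.append(nxt)
        if nxt in seen:          # loop: keep the repeated URL visible, then stop
            break
        seen.add(nxt)
    return chain

def audit_click(display_url: str, responses: dict, approved_host: str, max_hops: int = 10) -> dict:
    """BLOCK if any hop leaves the approved site, the chain loops, or it exceeds max_hops."""
    chain = follow_chain(display_url, responses, max_hops)
    offsite = [u for u in chain if not on_approved_site(host_of(u), approved_host)]
    suspicious_chain = len(chain) - 1 >= max_hops or len(set(chain)) < len(chain)
    return {
        "final_host": host_of(chain[-1]),
        "hops": len(chain) - 1,
        "offsite": offsite,
        "verdict": "BLOCK" if (offsite or suspicious_chain) else "ALLOW",
    }
```

Run against the real click-through, the same logic gives a monitor a concrete reason to pull a campaign when its landing host no longer matches what the ad displays.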

Why are Trojan attacks dangerous for the end user? Trojans are malicious executable programs that disguise themselves as legitimate files, making them very difficult to detect. They are a type of Malware that hides within a legitimate file, with the goal of accessing end user devices. They are mainly used to steal end user data or spy on their computing activities, infect their devices or other programs, and even gain access to bank accounts and other portals exposed to monetary theft! Aside from being found in Unwanted-programs and Malware attacks, they can also be found in Phishing attacks and other harmful Malvertising tactics. There are several kinds of Trojan attacks, including:

  • Infostealer Trojan: It harvests sensitive data from the end user's device, like passwords, bank information, personal files, etc.
  • Backdoor Trojans: They grant Malvertisers unauthorized access and enable them to control the system, steal data, and sneak in more Malware.
  • Remote Access Trojan (RAT): The Malvertiser gains complete control over the end user’s device, remotely.
  • Distributed Denial of Service (DDoS) Attack Trojans: This threat performs DDoS attacks, flooding a network with traffic to overwhelm and crash it.
  • Downloader Trojan: It downloads unwanted malicious content into the end user’s compromised device.

As you can see, there are many ways in which Trojans can compromise end user security. And because of their stealth, Trojan attacks can be more dangerous than other Malware threats, being used to secretly infiltrate the end users’ systems and execute malicious actions, completely undetected.

Prevent Malware and Unwanted-program Trojan attacks with AdSecure

Every day end user information is spied on, stolen and sold at the hands of Malvertisers infiltrating Ad Platforms and Websites to fulfill their malicious goals. As you can see above, Malware and Unwanted-programs Trojan attacks can easily sneak onto devices through compromised ads, becoming a huge cause of distress for the unassuming end user! If you are an Ad Network or website Publisher, it is your responsibility to keep them safe, thus also protecting the integrity of your brand. Wondering how to remove Infostealer Trojan Malware from your Ad Network and prevent PowerShell Unwanted-programs attacks? You can do that by choosing to work with a Malvertiser detection and blocking tool that allows you to monitor your ads in real time, pre- and post-launch. Get in touch with us to organize a meeting with our team, or why not sign up for a Free Trial now?
