An ongoing “malvertising” campaign dubbed “Tag Barnakle” has been identified as the source of breaches affecting more than 120 advertisement servers over the past year.
The threat actors aim to inject code that hosts Adware, which redirects users to domains under the threat actors’ control and exposes them to more malware.
The adversaries behind the Tag Barnakle campaign are upgrading their tools to target mobile devices in addition to the initial targets, such as the open-source advertising server Revive.
If someone were to engage with the Adware, their device could become compromised and potentially be used as a base for further attacks.
As the malvertising campaign is still active, thousands if not millions of devices are still at risk. Whilst there is no specific remediation, the following are recommendations on reducing the risk of compromise:
- Raise awareness within the organisation that social engineering encompasses more than phishing. Potential victims need to be made aware of the dangers of clicking on Adware as well.
- Keep all antivirus software and software versions up to date, and make sure that all necessary detection settings are enabled.
- Applications and software should only be downloaded and/or purchased from a reputable source.
Source: The Hacker News