More than 3,000 websites and fraudulent CAPTCHA pages have been leveraged to facilitate the widespread DeceptionAds malvertising campaign that spreads the Lumma information-stealing malware, The Hacker News reports.
Attacks involved the addition of a BeMob URL to the ad management system of the Monetag website monetization platform, also known as Omnatuor or Vane Viper, in an effort to enable TDS redirection to fake CAPTCHA pages hosted on various legitimate services, according to a Guardio Labs report. While both Monetag and BeMob have already acted to remove accounts associated with malicious activity, threat actors are believed to have restarted operations earlier this month. "From deceptive publisher sites offering pirated or clickbait content to complex redirect chains and cloaking techniques, this campaign underscores how ad networks, designed for legitimate purposes, can be weaponized for malicious activities," said Guardio Labs Head Nati Tal, who noted the lack of accountability among ad networks, statistics services, and publishers, as well as hosting providers.