Old domains leveraged in global malvertising campaigns
The sophisticated threat actor CashRewindo has targeted North and South America, Europe, Africa, and Asia with malvertising campaigns that leverage aged domains, BleepingComputer reports.
CashRewindo uses domains that were registered at least two years before their certificates were updated and virtual servers were assigned to them, in an effort to evade detection by security tools, a report from Confiant revealed. Some of the at least 487 domains used by CashRewindo were registered as early as 2008 but have only been used this year.
Infected ads that CashRewindo uses to redirect to the malicious domains have been observed to shift in tone so as to prevent detection of "strong language" on sites, and to feature a tiny red circle to bypass fraud detection.
CashRewindo has also been configuring its scams based on targeted audiences. The U.S. is the 13th most targeted location of the malvertising campaign, while most attacks have been aimed at Windows devices.
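One way to triage for the aged-domain pattern described above, as an added example that is not from the original article or the Confiant report: rather than trusting registration age, measure the gap between registration and first observed use. The two-year threshold comes from the article; the record fields, the 90-day recency window and the sample data are assumptions constructed for illustration.

```python
from datetime import date

# From the article: domains are aged "at least two years" before use.
MIN_DORMANCY_DAYS = 2 * 365
# Assumption (hypothetical tuning value): "recently activated" means first use
# was observed within this many days of the day the check is run.
RECENT_ACTIVATION_DAYS = 90


def first_activity(rec):
    """Earliest observed sign of use: first certificate or first DNS resolution."""
    seen = [d for d in (rec.get("first_cert"), rec.get("first_resolved")) if d]
    return min(seen) if seen else None


def dormant_then_active(rec, today):
    """Return dormancy in days if the domain was aged and only recently activated, else None."""
    registered, active = rec.get("registered"), first_activity(rec)
    if registered is None or active is None or active < registered:
        return None  # missing or inconsistent telemetry: do not guess
    dormancy = (active - registered).days
    recently = (today - active).days <= RECENT_ACTIVATION_DAYS
    return dormancy if dormancy >= MIN_DORMANCY_DAYS and recently else None


def triage(records, today):
    """List (domain, dormancy_days) for flagged domains, longest dormancy first."""
    hits = [(r["domain"], dormant_then_active(r, today)) for r in records]
    return sorted([h for h in hits if h[1] is not None], key=lambda h: -h[1])


# Constructed sample records (not taken from the Confiant report).
SAMPLE = [
    {"domain": "aged-parked.example", "registered": date(2008, 3, 1),
     "first_cert": date(2022, 10, 20), "first_resolved": date(2022, 10, 22)},
    {"domain": "long-running.example", "registered": date(2010, 5, 5),
     "first_cert": date(2015, 1, 1), "first_resolved": date(2010, 6, 1)},
    {"domain": "brand-new.example", "registered": date(2022, 11, 1),
     "first_cert": date(2022, 11, 2), "first_resolved": date(2022, 11, 2)},
    {"domain": "no-telemetry.example", "registered": date(2012, 1, 1),
     "first_cert": None, "first_resolved": None},
]

if __name__ == "__main__":
    for domain, days in triage(SAMPLE, today=date(2022, 12, 1)):
        print(f"{domain}: dormant {days} days before first use")
```

Only the domain that sat unused for years and then became active is flagged; the old domain with a long history of use and the newly registered one are not, which is the distinction an age-only reputation check misses.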