Security researchers at Malwarebytes who have been hot on the trail of the actors that pulled off a recent malvertising attack on Yahoo have observed a similar campaign launched by the same group against publishing network AdSpirit.de, which is used by drudgereport.com, findagrave.com and others.
As in the Yahoo attack, the hackers redirected traffic to Microsoft Azure websites to spread the malware, Malwarebytes security researcher Jerome Segura said in a Thursday blog post.
“Both URLs are using HTTPS encryption, making it harder to detect the malicious traffic at the network layer,” he wrote.
The Yahoo campaign ultimately led victims to the Angler Exploit Kit (EK). At the time, Malwarebytes noted the EK often leads to Bedep ad fraud and CryptoWall ransomware. The company alerted AdSpirit to the latest campaign and, while it received no immediate response, “the rogue advert was taken down,” according to the post.
UPDATE: Malwarebytes reported the malvertising campaign has moved to eBay and AOL.com, in the latter case leveraging a new Azure domain.