Angler malvertising campaign hooks visitors to big-name websites


It seems that a number of major websites have been affected by malicious adverts being piped across in the last few days, according to the observations of two security companies.

Both Trend Micro and Trustwave warned of major campaigns driven by the Angler exploit kit, which spread malvertising via a compromised ad network and served malware-laden adverts to popular sites, including big news and entertainment websites (names of publishers weren't mentioned).

As Network World reports, it's not clear whether these two security outfits were talking about the same campaign, although if they are different attacks, both utilise the same backdoor called BEDEP (and of course that backdoor is a route in for whatever other malware the exploiter fancies dishing out).

Trustwave's report notes that they spotted the affected websites fetching a JSON file hosted on "brentsmedia[.]com", a "heavily-obfuscated JavaScript file with more than 12,000 lines of code".

That code contains a long list of security tools and software, which it uses to avoid targeting those with protection installed and the likes of security researchers.

Malware moguls

BrentsMedia was apparently a legitimate advertising and mobile marketing company until the beginning of this year. The domain expired in January, and was then registered again on March 6 by the malvertising peddlers to use as a vehicle for piping out their malware.

Trustwave spotted malicious ads being delivered via two affiliate networks (at least), one of which reacted within an hour to close this down, but the other didn't get back to the security company.

Trend Micro noted an increase in Angler activity in the US beginning on March 7, the day after the domain registration observed by Trustwave.

Trend Micro said that the malicious adverts they uncovered could have affected tens of thousands of users thus far, although as of yesterday, the more popular affected sites were no longer carrying any advertising nastiness – though the Angler campaign still seems to be ongoing.

Being careful which sites you visit online is obviously always a good idea, but the problem with this sort of malware campaign is that it can easily affect major name sites which are trusted by the denizens of the web.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
