Quote:The Media Trust has discovered a recent malvertising campaign involving Apple Pay that is part of a large-scale phishing and redirect campaign targeting iPhone users visiting premium newspapers and magazines.

In today’s blog post, Michael Bittner, digital security and operations manager at The Media Trust wrote that the campaign was discovered when the security team helped “a winner of several Pulitzer Prizes and one of the largest daily newspapers in the West Coast, thwart a large-scale phishing and redirect campaign targeting iPhone users visiting premium newspapers and magazines.”

Disguised as a legitimate ad, the malware, dubbed PayLeak, delivers those newspaper or magazine visitors who click on the ad to a malicious domain registered in China. Upon arriving, the malware then checks to see whether the visitor’s device is in motion or at rest, upright or lying down and whether it is an Android or iPhone. In addition to determining whether the browser platform in use is Linux x86_64, Win32 or MacIntel, the malware also confirms whether there is malware detection technology running on the device.